1. logstash cannot connect to kafka
logstash version: logstash-1.5.4-1.noarch.rpm
Error message in logstash.log:
{:timestamp=>"2015-11-16T18:41:00.365000+0800", :message=>"The error reported is: \n uninitialized constant Concurrent::Delay::Executor"}
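Downgrading to this version fixes it: logstash-1.5.2-1.noarch.rpm
2. After the downgrade, grok matching was completely wrong
Replacing the grok patterns with the ones from the earlier logstash-1.5.4-1.noarch.rpm fixes it
grok match syntax depends on the patterns version: different patterns versions require different syntax
Default location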
rpm -ql logstash | grep grok | grep patterns
/opt/logstash/bin/plugin update grok
/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.3.0/patterns/grok-patterns
3. How to output verbose logs
[root@hh-yun-pinyun-129181 ~]# grep LS_OPTS /etc/init.d/logstash
LS_OPTS="--verbose"
4. How to verify that the configuration file is correct
/opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/hh-yun.conf
Configuration OK
5. Common log errors
tail -f /var/log/logstash-forwarder/logstash-forwarder.err
2015/12/07 17:43:30.961175 Failed to tls handshake with 10.199.129.61 x509: cannot validate certificate for 10.199.129.61 because it doesn't contain any IP SANs
Fix:
vim /etc/pki/tls/openssl.cnf
[ v3_ca ]
subjectAltName=IP:10.199.129.61 <- add the matching entry
Recreate the key pair
openssl req -subj '/CN=hh-yun-haproxy-129061.vclound.com/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/logstash-forwarder.key -out /etc/pki/tls/certs/logstash-forwarder.crt
Restart the service
[root@hh-yun-haproxy-129061 ~]# service logstash-forwarder restart
logstash-forwarder stopped.
logstash-forwarder started
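The same fix as an added example (not part of the original notes): it builds the certificate from a private config file instead of editing the system-wide openssl.cnf, then checks that the IP SAN is really in the certificate before the service is restarted. The function names and the san.cnf, lf.key and lf.crt file names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate with an IP SAN, plus a check that
# the SAN is present. File and function names are hypothetical.

# make_cert <ip> <cn> <outdir>: writes <outdir>/lf.key and <outdir>/lf.crt
make_cert() {
    ip=$1; cn=$2; out=$3
    # Private config, so other certificates built from the system
    # openssl.cnf do not silently inherit this SAN.
    cat > "$out/san.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
CN = $cn
[ v3_ca ]
basicConstraints = CA:true
subjectAltName   = IP:$ip
EOF
    # -nodes leaves the private key unencrypted on disk, so create it
    # with owner-only permissions.
    ( umask 077
      openssl req -x509 -days 3650 -nodes -newkey rsa:2048 \
          -config "$out/san.cnf" \
          -keyout "$out/lf.key" -out "$out/lf.crt" 2>/dev/null )
}

# has_ip_san <cert> <ip>: exit 0 only if <ip> is listed as an IP SAN.
# Entries are compared as whole fixed strings, so 10.199.129.6 does not
# match a certificate issued for 10.199.129.61.
has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$2"
}

# Usage: script.sh <ip> <cn> <outdir>
if [ $# -eq 3 ]; then
    make_cert "$1" "$2" "$3" && has_ip_san "$3/lf.crt" "$1" &&
        echo "IP SAN $1 present in $3/lf.crt"
fi
```

Running has_ip_san against the certificate that is already deployed shows whether the handshake error above comes from a missing SAN or from something else.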
6. Increase the number of events transferred
vim /etc/init.d/logstash-forwarder
args=-config\ /etc/logstash-forwarder.conf\ -spool-size\ 4096\ -harvest-buffer-size\ 32768