У меня есть следующая конфигурация Logstash:
input {
kafka {
bootstrap_servers => "svc-kafka:9093"
topics => ["ELK.LOG_EVENT.PROC", "ELK.API_ANALYTICS.PROC"]
codec => "json"
decorate_events => true
}
}
output {
if [kafka][topic] == "ELK.LOG_EVENT.PROC" {
elasticsearch {
hosts => ["svc-es:9200"]
index => "elklogevent-%{+YYYY.MM.dd}"
document_id => "%{id}"
}
} else {
elasticsearch {
hosts => ["svc-es:9200"]
index => "elkapianalytics-%{+YYYY.MM.dd}"
document_id => "%{id}"
}
}
}
Но я получаю следующую ошибку:
[2018-10-11T13:16:30,035][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, input, filter, output at line 24, column 1 (byte 514) after ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:42:in `compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:50:in `compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:12:in `block in compile_sources'", "org/jruby/RubyArray.java:2486:in `map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in `compile_sources'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:51:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:171:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:40:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:335:in `block in converge_state'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:332:in `block in converge_state'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:319:in `converge_state'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:166:in `block in converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:164:in `converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:90:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:343:in `block in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
Несмотря на то, что ясно говорит, что недоволен строкой 24, я не понимаюне знаете, как лучше всего диагностировать проблему?Я не слишком знаком с языком Ruby и / или Logstash в целом.
Этот фрагмент основан на этом сообщении SO: logstash 5.0.1: настройка вывода из эластичного поиска по нескольким индексам для нескольких тем ввода kafka
--- EDIT: пример выходных данных отладки после включения stdout { codec => rubydebug } внутри output {} блока ---
{
"message" => "Started Application in 15.296 seconds (JVM running for 16.37)",
"@version" => "1",
"loggerFqcn" => "org.apache.commons.logging.LogFactory$Log4jLog",
"threadPriority" => 5,
"timestamp" => "2018-10-11T14:39:35.984+0000",
"level" => "INFO",
"threadId" => 1,
"hostname" => "deploy-obfuscated-service-59ffb8957d-rbgs6",
"endOfBatch" => false,
"loggerName" => "com.abc.obfuscated.Application",
"service" => "obfuscated-service",
"thread" => "main",
"timeMillis" => 1539268775984,
"@timestamp" => 2018-10-11T14:39:35.987Z
}