标签:ELK logstash
filebeat 配置文件
root@Product3:/etc/filebeat# cat filebeat.yml filebeat.prospectors: - type: log enabled: true paths: - /var/www/bigbear_server/shared/log/ms.log fields: log_tpics: server - type: log enabled: true paths: - /var/www/bigbear_sidekiq/shared/log/ms.log fields: log_tpics: sidekiq - type: log enables: true paths: - /application/nginx/logs/access810*.log fields: log_tpics: nginx output.logstash: hosts: ["x.x.x.x:5044"]
Logstash配置文件
root@Product4:/application/logstash-6.2.4/bin# cat ../config/02-beats-input.conf
input {
beats {
# host => "x.x.x.x"
codec => plain{ charset => "UTF-8" }
port => 5044
# ssl => true
# ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
# ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
output {
elasticsearch {
codec => plain{ charset => "UTF-8" }
hosts => "http://localhost:9200"
# sniffing => true
manage_template => false
index => "%{[fields][log_topics]}--%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}查看logstash的打开文件数和描述
root@Product4:/application/logstash-6.2.4/bin# curl -XGET 'localhost:9600/_node/stats/process?pretty'
{
"host" : "Product4",
"version" : "6.2.4",
"http_address" : "127.0.0.1:9600",
"id" : "6e6fc083-b27e-4227-8dd4-dec6bcc5ff4d",
"name" : "Product4",
"process" : {
"open_file_descriptors" : 146,
"peak_open_file_descriptors" : 147,
"max_file_descriptors" : 65536,
"mem" : {
"total_virtual_in_bytes" : 14873796608
},
"cpu" : {
"total_in_millis" : 134210,
"percent" : 0,
"load_average" : {
"1m" : 0.79,
"5m" : 0.77,
"15m" : 0.48
}
}
}
}注意“ open_file_descriptors ”和“ peak_open_file_descriptors ”,我们看到那些超过1000(当它们通常在100和500之间时)。当该措施达到四位或五位数时,logstash正在降低(或已经下降)
当上述计数器位于5位时,“lsof -p LogstashPID | wc -l”命令仍会返回一个更小的数字(小于400)。
例如,在上面的例子中,logstash在达到10000的时候已经下降了。(Prob更早)
但我还不知道从这里做什么。
这显然是一个logstash错误,但没有人弹性似乎关心。
标签:ELK logstash
原文地址:http://blog.51cto.com/dellinger/2125891
