有三个注意事项:
- 保证收集的日志有查看权限
[root@node04 conf.d]# ll /var/log/nginx/access.log
-rw-r----- 1 root root 73148 Nov 15 13:17 /var/log/nginx/access.log
[root@node04 conf.d]# chmod 644 /var/log/nginx/access.log
[root@node04 conf.d]# ll /var/log/nginx/access.log
-rw-r--r-- 1 root root 73148 Nov 15 13:17 /var/log/nginx/access.log
- logstash启动用户建议修改成root用户
[Service]
Type=simple
User=root
Group=root #修改成root
- 检查logstash配置文件
/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash" "--path.config" "/etc/logstash/conf.d" -t
否则,会出现logstash启动成功,日志没有报错,但是elasticsearch中没有添加索引的情况。