Sending Logstash's logs to /data/eshome/logstash/logs which is now configured via log4j2.properties
[2017-12-27T13:38:52,661][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/data/eshome/logstash/modules/fb_apache/configuration"}
[2017-12-27T13:38:52,690][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/data/eshome/logstash/modules/netflow/configuration"}
[2017-12-27T13:38:53,576][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2017-12-27T13:38:54,770][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.1.1"}
[2017-12-27T13:38:55,838][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2017-12-27T13:39:00,342][ERROR][logstash.outputs.elasticsearch] Unknown setting 'host' for elasticsearch
[2017-12-27T13:39:00,343][ERROR][logstash.outputs.elasticsearch] Unknown setting 'port' for elasticsearch
[2017-12-27T13:39:00,343][ERROR][logstash.outputs.elasticsearch] Unknown setting 'protocol' for elasticsearch
[2017-12-27T13:39:00,343][ERROR][logstash.outputs.elasticsearch] Unknown setting 'cluster' for elasticsearch
[2017-12-27T13:39:00,375][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration.", :backtrace=>["/data/eshome/logstash/logstash-core/lib/logstash/config/mixin.rb:89:in `config_init'", "/data/eshome/logstash/logstash-core/lib/logstash/outputs/base.rb:63:in `initialize'", "/data/eshome/logstash/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:3:in `initialize'", "/data/eshome/logstash/logstash-core/lib/logstash/output_delegator.rb:25:in `initialize'", "/data/eshome/logstash/logstash-core/lib/logstash/plugins/plugin_factory.rb:86:in `plugin'", "/data/eshome/logstash/logstash-core/lib/logstash/pipeline.rb:114:in `plugin'", "(eval):16:in `<eval>'", "org/jruby/RubyKernel.java:994:in `eval'", "/data/eshome/logstash/logstash-core/lib/logstash/pipeline.rb:86:in `initialize'", "/data/eshome/logstash/logstash-core/lib/logstash/pipeline.rb:171:in `initialize'", "/data/eshome/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:40:in `execute'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:335:in `block in converge_state'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:332:in `block in converge_state'", "org/jruby/RubyArray.java:1734:in `each'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:319:in `converge_state'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:166:in `block in converge_state_and_update'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:164:in `converge_state_and_update'", "/data/eshome/logstash/logstash-core/lib/logstash/agent.rb:90:in `execute'", "/data/eshome/logstash/logstash-core/lib/logstash/runner.rb:343:in `block in execute'", "/data/eshome/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
看红色字体,原因是配置文件在新版中改了参数
elasticsearch { host => '127.0.0.1' },
去掉 port protocol cluster 三个节点,改hosts为:["localhost:9200"]