ELK解析日志是logstash映射出错

通过filebeat读取日志文件,文件内容如下
127.0.0.1 - - [10/Jul/2018:08:51:57 +0800] "GET / HTTP/1.1" 404 986
logstash的input和output如下
input {
beats {
port => "5044"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
target => ["datetime"]
}
geoip {
source => "clientip"
}
}
output {
elasticsearch {
hosts => "127.0.0.1:9200"
index => "access_log"
}
stdout { codec => rubydebug }
}

本来应该可以自动映射出来
但是出来的内容是这样的
{
"_index": "access_log",
"_type": "doc",
"_id": "yrO3y2UBS1hmFNgRv6jZ",
"_score": 1,
"_source": {
"host": "LAPTOP-C9R6GBSV",
"tags": [
"beats_input_codec_plain_applied",
"_grokparsefailure",
"_geoip_lookup_failure"
],
"@timestamp": "2018-09-12T02:59:00.123Z",
"message": "127.0.0.1 - - [10/Jul/2018:08:51:57 +0800] "GET / HTTP/1.1" 404 986",
"prospector": {
"type": "log"
},
"source": "C:\Users\Desktop\logs\localhost_access_log.2018-07-10.log",
"beat": {
"name": "LAPTOP-C9R6GBSV",
"hostname": "LAPTOP-C9R6GBSV",
"version": "6.2.0"
},
"offset": 996,
"@version": "1"
}
}

            很明显没有映射出来
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐