Logs are collected by Filebeat and sent to Logstash, then stored in ES, but after Logstash starts there is no output. Could anyone please advise:
filebeat.yml configuration:
filebeat.inputs:
- type: log
  paths:
    - /home/nginx/appnginx/logs/access.log
    #- c:\programdata\elasticsearch\logs\
  encoding: UTF-8
  force_close_files: true
  tail_files: true
  publish_async: true
  close_older: 15m
  fields:
    service: nginx_access
output.logstash:
  hosts: ["10.248.104.13:5045"]
logstash.yml configuration:
input {
  beats {
    port => 5045
    ssl => false
    #codec => "json"
  }
}
filter {
  if [fields][service] == "nginx_access" {
    grok {
      patterns_dir => "/app/logstash-7.1.1/patterns"
      match => {
        "message" => "%{NGINXACCESS}"
      }
    }
    geoip {
      source => "remote_ip"
      target => "geoip"
      #database => "/root/logstash-6.3.2/GeoLiteCity.dat"
      database => "/app/logstash-7.1.1/GeoLite2-City_20191015/GeoLite2-City.mmdb"
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    if "_geoip_lookup_failure" in [tags] { drop { } }
    mutate {
      convert => [ "[geoip][coordinates]", "float" ]
      convert => [ "status","integer" ]
      convert => [ "bytes","integer" ]
      remove_field => [ "host","tags","beat","@version","prospector","fields","input","timestamp","message"]
    }
  }
}
output {
  elasticsearch {
    #action => "index"
    hosts => ["10.248.104.17:9200"]
    index => "nginx_access-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "1yKgESYFA1mqccOcjMC2"
  }
}
Filebeat log:
Logstash:
2 replies
supolu
Upvoted by: jhondom
You can send the output to stdout on the console to see whether any data is coming through, and troubleshoot step by step.
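The stdout check suggested in this reply, as an added example that is not part of the original thread: a debug copy of the pipeline from the question with the Elasticsearch output swapped for stdout and the drop and remove_field steps left out, so that failure tags stay visible. The file name debug.conf is an assumption.

```logstash
# Debug copy of the question's pipeline (added example, not the poster's file).
# Run it instead of the real pipeline: bin/logstash -f debug.conf
# (debug.conf is a hypothetical file name).
input {
  beats {
    port => 5045
    ssl => false
  }
}
filter {
  if [fields][service] == "nginx_access" {
    grok {
      patterns_dir => "/app/logstash-7.1.1/patterns"
      match => { "message" => "%{NGINXACCESS}" }
    }
    geoip {
      source => "remote_ip"
      target => "geoip"
      database => "/app/logstash-7.1.1/GeoLite2-City_20191015/GeoLite2-City.mmdb"
    }
    # Deliberately no drop {} and no remove_field here: "tags" and "message"
    # are kept so _grokparsefailure and _geoip_lookup_failure show up in the
    # console output instead of the event silently disappearing.
  }
}
output {
  # Print every event that survives the filter stage, with all fields.
  stdout { codec => rubydebug }
}
```

If nothing prints, no events are reaching the beats input on port 5045. Events that print with `_grokparsefailure` in `tags` did not match the NGINXACCESS pattern, and events tagged `_geoip_lookup_failure` are the ones the original pipeline drops before the output stage.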
jhondom
Upvoted by: