Filebeat configuration file

    root@Product3:/etc/filebeat# cat filebeat.yml
    filebeat.prospectors:
    - type: log
      enabled: true
      paths:
        - /var/www/bigbear_server/shared/log/ms.log
      fields:
        log_topics: server
    - type: log
      enabled: true
      paths:
        - /var/www/bigbear_sidekiq/shared/log/ms.log
      fields:
        log_topics: sidekiq
    - type: log
      enabled: true
      paths:
        - /application/Nginx/logs/access810*.log
      fields:
        log_topics: Nginx
    output.logstash:
      hosts: ["x.x.x.x:5044"]
Logstash configuration file

    root@Product4:/application/logstash-6.2.4/bin# cat ../config/02-beats-input.conf
    input {
      beats {
        #host => "x.x.x.x"
        codec => plain { charset => "UTF-8" }
        port => 5044
        #ssl => true
        #ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
        #ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
      }
    }
    output {
      elasticsearch {
        codec => plain { charset => "UTF-8" }
        hosts => "http://localhost:9200"
        #sniffing => true
        manage_template => false
        index => "%{[fields][log_topics]}--%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
      }
    }
Checking Logstash's open file count and file descriptors

    root@Product4:/application/logstash-6.2.4/bin# curl -XGET 'localhost:9600/_node/stats/process?pretty'
    {
      "host": "Product4",
      "version": "6.2.4",
      "http_address": "127.0.0.1:9600",
      "id": "6e6fc083-b27e-4227-8dd4-dec6bcc5ff4d",
      "name": "Product4",
      "process": {
        "open_file_descriptors": 146,
        "peak_open_file_descriptors": 147,
        "max_file_descriptors": 65536,
        "mem": {
          "total_virtual_in_bytes": 14873796608
        },
        "cpu": {
          "total_in_millis": 134210,
          "percent": 0,
          "load_average": {
            "1m": 0.79,
            "5m": 0.77,
            "15m": 0.48
          }
        }
      }
    }
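Note "open_file_descriptors" and "peak_open_file_descriptors": we have seen these exceed 1000 (when they are normally between 100 and 500). When this metric reaches four or five digits, Logstash is going down (or has already gone down).
When the counters above are at five digits, the command "lsof -p LogstashPID | wc -l" still returns a much smaller number (less than 400).
For example, in the case above, Logstash had already gone down by the time it reached 10000. (Probably earlier.)
But I don't yet know what to do from here.
This is clearly a Logstash bug, but nobody at Elastic seems to care.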
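
One way to watch the two counters described above is to grade the `_node/stats/process` response against the thresholds observed in this post. This is an added example, not code from the original page or from Logstash. The function names, the `WARN_FDS`/`CRIT_FDS` constants and the leaking sample are assumptions made for illustration.

```python
import json
import urllib.request

# Thresholds from the post's observations: 100-500 is normal, above 1000 is
# abnormal, and by 10000 Logstash was already down.
WARN_FDS = 1000
CRIT_FDS = 10000

# Response body shown on this page (trimmed to the fields used here).
PAGE_SAMPLE = json.loads("""{"host": "Product4", "version": "6.2.4",
  "process": {"open_file_descriptors": 146, "peak_open_file_descriptors": 147,
              "max_file_descriptors": 65536}}""")

# Constructed sample of a leaking instance (values are made up).
LEAK_SAMPLE = {"host": "example-host", "process": {
    "open_file_descriptors": 12034, "peak_open_file_descriptors": 12050,
    "max_file_descriptors": 65536}}


def fetch_stats(url="http://localhost:9600/_node/stats/process", timeout=5):
    """Read the node stats document from the Logstash monitoring API."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def classify_fd_stats(stats):
    """Grade the descriptor counters against the post's thresholds."""
    proc = stats["process"]
    open_fds = proc["open_file_descriptors"]
    peak_fds = proc["peak_open_file_descriptors"]
    max_fds = proc["max_file_descriptors"]
    # The peak is a high-water mark since process start, so a past spike
    # keeps the level raised until Logstash is restarted.
    worst = max(open_fds, peak_fds)
    if worst >= CRIT_FDS:
        level = "critical"
    elif worst > WARN_FDS:
        level = "warning"
    else:
        level = "ok"
    return {"host": stats.get("host"), "level": level, "open": open_fds,
            "peak": peak_fds,
            "percent_of_limit": round(100 * open_fds / max_fds, 2)}


if __name__ == "__main__":
    for doc in (PAGE_SAMPLE, LEAK_SAMPLE):
        print(classify_fd_stats(doc))
```

Run from cron or a monitoring agent with `classify_fd_stats(fetch_stats())`, so that a "warning" result arrives while there is still time to restart Logstash.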