我使用logtash，filebeat，elasticsearch的5.1.2版本…“ ELK”

我尝试从tomcat服务器发送日志（catalina.out和apps-
java日志），但是无法完成，因为存在logstash多行过滤器/编解码器的配置问题。

我遵循以下说明
https://blog.lanyonm.org/articles/2014/01/12/logstash-multiline-tomcat-log-
parsing.html

Logstash.conf是这样的：

input {
    beats {
    port => 9000
    }
}

filter {
  if [type] == "tomcat-pro" {
    codec => "multiline" {
      patterns_dir => "/opt/logstash/patterns"
      pattern => "(^%{TOMCAT_DATESTAMP})|(^%{CATALINA_DATESTAMP})"
      negate => true
      what => "previous"
    }
  }
}

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "tomcat-pro"
    }   
}

Logstash接收filebeat文件。
Filebeat.yml

filebeat.prospectors:
- input_type: log
  document_type: tomcat-pro
  paths:
  - /opt/tomcat-test/logs/catalina.out

当我启动该服务时，控制台会向我显示以下内容：

[2017-01-26T13:10:33,712][ERROR][logstash.agent           ] fetched an invalid config {:config=>"input {\n    beats {\n    port => 9000\n    }\n}\n\nfilter {\n  if [type] == \"tomcat-pro\" {\n    codec => \"multiline\" {\n      patterns_dir => \"/opt/logstash/patterns\"\n      pattern => \"(^%{TOMCAT_DATESTAMP})|(^%{CATALINA_DATESTAMP})\"\n      negate => true\n      what => \"previous\"\n    }\n  }\n}\n\noutput {\n    elasticsearch {\n        hosts => [\"localhost:9200\"]\n        index => \"tomcat-pro\"\n    }   \n}\n", :reason=>"Expected one of #, { at line 9, column 11 (byte 96) after filter {\n  if [type] == \"tomcat-pro\" {\n    codec "}

摘要：

fetched an invalid config
reason=>"Expected one of #, { at line 9, column 11 (byte 96) after filter {\n  if [type] == \"tomcat-pro\" {\n    codec "}

我在Google中读过，建议在Filebeat中使用多行而不是在Logstash中使用多行，但是我的配置不很好…

有人可以帮我吗？:(

PD：我是西班牙人，对“谷歌翻译”感到抱歉。Si puedes响应者，西班牙语，大量