2.安装filebeat
1. dpkg安装filebeat
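# Install Filebeat 7.16.2 from the local .deb (needs root).
# dpkg -i does not authenticate the package, so check the download first.
# Assumes the .sha512 file Elastic publishes alongside the package was saved
# next to it; dpkg only runs when the checksum matches.
sha512sum -c filebeat-7.16.2-amd64.deb.sha512 &&
  dpkg -i filebeat-7.16.2-amd64.deb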
root@4c16g:/home/ubuntu# dpkg -i filebeat-7.16.2-amd64.deb
Selecting previously unselected package filebeat.
(Reading database ... 126241 files and directories currently installed.)
Preparing to unpack filebeat-7.16.2-amd64.deb ...
Unpacking filebeat (7.16.2) ...
Setting up filebeat (7.16.2) ...
Processing triggers for systemd (245.4-4ubuntu3.13) ...
2. 修改filebeat配置文件
1. 备份
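# 1. Back up the packaged configuration before editing it.
# The && chain stops the copy from running in the wrong directory if cd fails;
# cp -p keeps the original mode, ownership and timestamps on the backup.
cd /etc/filebeat &&
  ls &&
  cp -p filebeat.yml filebeat.yml.bak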
root@4c16g:/etc/elasticsearch# cd /etc/filebeat
root@4c16g:/etc/filebeat# ls
fields.yml filebeat.reference.yml filebeat.yml modules.d
root@4c16g:/etc/filebeat# cp filebeat.yml filebeat.yml.bak
2. 修改
# 2. Edit the configuration file; two places need changing (the input and the output).
# The path is relative, so run this from /etc/filebeat.
vim filebeat.yml
1. 从哪拿数据
#从哪拿数据:
#1.修改第25行,将 enabled 改为 true,
#2.修改第29行,自己的log文件
13 # ============================== Filebeat inputs ===============================
14
15 filebeat.inputs:
16
17 # Each - is an input. Most options can be set at the input level, so
18 # you can use different inputs for various configurations.
19 # Below are the input specific configurations.
20
21 # filestream is an input for collecting log messages from files.
22 - type: filestream
23
24 # Change to true to enable this input configuration.
25 enabled: true
26
27 # Paths that should be crawled and fetched. Glob based paths.
28 paths:
29 - /var/log/chup.log
30 #- c:\programdata\elasticsearch\logs\*
31
32 # Exclude lines. A list of regular expressions to match. It drops the lines that are
33 # matching any regular expression from the list.
34 #exclude_lines: ['^DBG']
35
36 # Include lines. A list of regular expressions to match. It exports the lines that are
37 # matching any regular expression from the list.
38 #include_lines: ['^ERR', '^WARN']
39
40 # Exclude files. A list of regular expressions to match. Filebeat drops the files that
41 # are matching any regular expression from the list. By default, no files are dropped.
42 #prospector.scanner.exclude_files: ['.gz$']
43
44 # Optional additional fields. These fields can be freely picked
45 # to add additional information to the crawled log files for filtering
46 #fields:
47 # level: debug
48 # review: 1
2. 数据发给谁
#数据发给谁:修改第134行,数据发送给elasticsearch所在的服务器!注意:此示例使用默认的 http 明文传输,且未配置认证(第137、140-142行仍处于注释状态),只适合受信任的内网测试环境;生产环境应启用 https 并配置 api_key 或用户名/密码。
127 # ================================== Outputs ===================================
128
129 # Configure what output to use when sending the data collected by the beat.
130
131 # ---------------------------- Elasticsearch Output ----------------------------
132 output.elasticsearch:
133 # Array of hosts to connect to.
134 hosts: ["10.0.8.5:9200"]
135
136 # Protocol - either `http` (default) or `https`.
137 #protocol: "https"
138
139 # Authentication credentials - either API key or username/password.
140 #api_key: "id:api_key"
141 #username: "elastic"
142 #password: "changeme"
3. 启动filebeat服务
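# Check that the edited file parses before starting the service; a YAML mistake
# from the manual edit otherwise only shows up as a failed unit.
# `filebeat test output` can additionally check the connection to the configured host.
filebeat test config -c /etc/filebeat/filebeat.yml &&
  systemctl start filebeat
# Show whether the unit is active and its most recent log lines.
systemctl status filebeat.service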
4. 查看elasticsearch中的索引
# Query the local Elasticsearch node for its index list (plain HTTP, no credentials sent).
curl http://127.0.0.1:9200/_cat/indices
# As soon as log lines are produced, an entry containing "filebeat" appears in this list.
最后更新:
2022-02-19 13:05:46