
2.安装filebeat

1. dpkg安装filebeat

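# Print the package's SHA-512 digest and compare it by hand with the value
# Elastic publishes for this exact file; dpkg -i runs the package's maintainer
# scripts as root, so a tampered or truncated .deb should be caught first.
sha512sum filebeat-7.16.2-amd64.deb
# Install the locally downloaded package (run as root, as in the transcript below).
dpkg -i filebeat-7.16.2-amd64.deb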
root@4c16g:/home/ubuntu# dpkg -i filebeat-7.16.2-amd64.deb
Selecting previously unselected package filebeat.
(Reading database ... 126241 files and directories currently installed.)
Preparing to unpack filebeat-7.16.2-amd64.deb ...
Unpacking filebeat (7.16.2) ...
Setting up filebeat (7.16.2) ...
Processing triggers for systemd (245.4-4ubuntu3.13) ...

2. 修改filebeat配置文件

1. 备份

# 1. Back up: keep an untouched copy of the packaged config so the edit in the
# next step can be compared against it or rolled back.
cd /etc/filebeat
# List the directory; filebeat.yml should appear before it is copied.
ls
# The backup is written next to the original, in /etc/filebeat.
cp filebeat.yml filebeat.yml.bak
root@4c16g:/etc/elasticsearch# cd /etc/filebeat
root@4c16g:/etc/filebeat# ls
fields.yml  filebeat.reference.yml  filebeat.yml  modules.d
root@4c16g:/etc/filebeat# cp filebeat.yml filebeat.yml.bak

2. 修改

#2.修改配置文件 # 修改2处
vim filebeat.yml
1. 从哪拿数据
#从哪拿数据:
#1.修改第25行为true,
#2.修改第29行,自己的log文件

 13 # ============================== Filebeat inputs ===============================
 14
 15 filebeat.inputs:
 16
 17 # Each - is an input. Most options can be set at the input level, so
 18 # you can use different inputs for various configurations.
 19 # Below are the input specific configurations.
 20
 21 # filestream is an input for collecting log messages from files.
 22 - type: filestream
 23
 24   # Change to true to enable this input configuration.
 25   enabled: true
 26
 27   # Paths that should be crawled and fetched. Glob based paths.
 28   paths:
 29     - /var/log/chup.log
 30     #- c:\programdata\elasticsearch\logs\*
 31
 32   # Exclude lines. A list of regular expressions to match. It drops the lines that are
 33   # matching any regular expression from the list.
 34   #exclude_lines: ['^DBG']
 35
 36   # Include lines. A list of regular expressions to match. It exports the lines that are
 37   # matching any regular expression from the list.
 38   #include_lines: ['^ERR', '^WARN']
 39
 40   # Exclude files. A list of regular expressions to match. Filebeat drops the files that
 41   # are matching any regular expression from the list. By default, no files are dropped.
 42   #prospector.scanner.exclude_files: ['.gz$']
 43
 44   # Optional additional fields. These fields can be freely picked
 45   # to add additional information to the crawled log files for filtering
 46   #fields:
 47   #  level: debug
 48   #  review: 1
2. 数据发给谁
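#数据发给谁:修改第134行,数据发送给elasticsearch所在的服务器!
#注意:下面的配置保持默认的 http,且未配置认证(第137行、第140-142行仍是注释),日志会以明文传输,只适合内网测试环境;
#如果elasticsearch已启用安全功能或用于生产环境,应取消第137行的注释改用 https,并在第140行(API key)或第141-142行(用户名/密码)填写自己的凭据。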

127 # ================================== Outputs ===================================
128
129 # Configure what output to use when sending the data collected by the beat.
130
131 # ---------------------------- Elasticsearch Output ----------------------------
132 output.elasticsearch:
133   # Array of hosts to connect to.
134   hosts: ["10.0.8.5:9200"]
135
136   # Protocol - either `http` (default) or `https`.
137   #protocol: "https"
138
139   # Authentication credentials - either API key or username/password.
140   #api_key: "id:api_key"
141   #username: "elastic"
142   #password: "changeme"

3. 启动filebeat服务

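# Validate the hand-edited /etc/filebeat/filebeat.yml before starting the
# service; a YAML indentation or syntax slip is reported here instead of
# only showing up in the service log after a failed start.
filebeat test config

# Check that the Elasticsearch host configured under output.elasticsearch
# is reachable from this machine with the current settings.
filebeat test output

# Start the service, then confirm it is active and inspect recent log lines.
systemctl start filebeat

systemctl status filebeat.service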

4. 查看elasticsearch中的索引

curl 127.0.0.1:9200/_cat/indices
# 只要有日志产生,索引列表中就会出现名称以 filebeat 开头的索引!

最后更新: 2022-02-19 13:05:46