1.下载
下载:https://www.elastic.co/cn/downloads/beats/filebeat
我这里官网下载的版本filebeat-7.0.0-linux-x86_64.tar.gz
2. 配置
1) 通过FTP工具上传至/opt/elk目录下
2) 切换/opt/elk目录下,解压
# tar -xvzf filebeat-7.0.0-linux-x86_64.tar.gz
3) 打开filebeat-7.0.0-linux-x86_64目录下filebeat.yml文件进行配置:
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
enabled: true
paths:
- D:/ICV_ROOT/GoLog/*/*/data*.log
encoding: plain
document_type: "datalog"
fields:
# level: debug
# review: 1
logtype: datalog
### Multiline options
# Multiline can be used for log messages spanning multiple lines. This is common
# for Java Stack Traces or C-Line Continuation
# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
#multiline.pattern: ^\[
# Defines if the pattern set under pattern should be negated or not. Default is false.
#multiline.negate: false
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
# that was (not) matched before or after or as long as a pattern is not matched based on negate.
# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
#multiline.match: after 
3. 启动
1) 启动命令:
# ./filebeat.exe -e -c filebeat.yml
2) 后台启动命令:
#nohup ./filebeat -e -c filebeat.yml > filebeat.log &
3) 查看filebeat进程:
# ps -ef |grep filebeat
4) 杀死filebeat进程:
# kill -9 pid
326
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
