- 安装
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.3-linux-x86_64.tar.gz2.配置
tar xzvf filebeat-6.2.3-linux-x86_64.tar.gz
cd filebeat-6.2.3-linux-x86_64
vim filebeat.yml这里选择连接logstash
...
#=========================== Filebeat prospectors =============================
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- type: log
# Change to true to enable this prospector configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /Library/apache-tomcat-8.5.15/bin/logs/web.log
...enabled: 改成true
paths选择日志位置
...
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
...这里把输出到elasticsearch的配置注释选择输出到logstash
==注意==
这样配置需要手动导入elasticsearch模板(这里不做记录)
3.运行
sudo chown root filebeat.yml
sudo ./filebeat -e -c filebeat.yml -d "publish"4.关于logstash接收数据
input {
beats {
port => 5045
}
1308
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
