主题:filebeat配置
1.安装
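# Download the Filebeat 6.2.3 RPM and its published SHA-512 checksum file.
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page under the package's file name.
# NOTE(review): 6.2.3 is an old release; prefer a currently supported version.
curl --fail -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.3-x86_64.rpm
curl --fail -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.3-x86_64.rpm.sha512
# Import Elastic's package signing key so rpm can check the package signature.
# The checksum alone comes from the same server as the package, so it only
# detects a corrupted download; the signature is the stronger check.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Install as root only if both the checksum and the signature check pass.
sha512sum -c filebeat-6.2.3-x86_64.rpm.sha512 \
  && rpm -K filebeat-6.2.3-x86_64.rpm \
  && sudo rpm -vi filebeat-6.2.3-x86_64.rpm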
2.配置 vim /etc/filebeat/filebeat.yml
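# Filebeat 6.x input section: tail every *.log file directly under /var/log.
filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log

# Ship events straight to Elasticsearch. Filebeat allows only one enabled
# output, so events sent here do not pass through the Logstash pipeline
# listening on port 5044; that would need output.logstash instead.
output.elasticsearch:
  # No scheme is given, so Filebeat uses plain HTTP and the credentials below
  # cross the network unencrypted. Prefer an https:// URL with the cluster's
  # CA configured for verification.
  hosts: ["myEShost:9200"]
  # "elastic" is the built-in superuser; a log shipper should use a dedicated
  # account that can only write to its own indices.
  username: "elastic"
  # Do not keep the password in this file (the original used the user name as
  # the password). ES_PWD is an example name chosen here; Filebeat resolves
  # ${...} references from its keystore or from the environment.
  password: "${ES_PWD}"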
3.配置logstash的config
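input {
  # Listener for Beats clients. No TLS or client authentication is configured
  # here, so any host that can reach this port can submit events: restrict it
  # with a firewall or enable the plugin's ssl options.
  beats {
    port => "5044"
  }
}
filter {
  # Parse each line as an Apache combined access-log entry. Events that do not
  # match the pattern are tagged _grokparsefailure rather than dropped.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}"}
  }
}
output {
  elasticsearch {
    # Plain host:port means HTTP, so the credentials below are sent in clear
    # text; use HTTPS with certificate verification where the cluster allows.
    hosts => ["172.16.68.103:9200"]
    # "elastic" is the built-in superuser; prefer a dedicated writer account.
    user => "elastic"
    # The original hard-coded a trivially guessable password in this file.
    # ES_PWD is an example name chosen here; Logstash substitutes ${...} from
    # the environment (or from its keystore, where the version provides one).
    password => "${ES_PWD}"
  }
  # Debugging aid: prints every event to Logstash's stdout, which can copy
  # sensitive log content into service logs. Remove once the pipeline works.
  stdout { codec => rubydebug }
}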
4.删除filebeat的registry文件(如果有):
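# Reset Filebeat's read-state file. For the RPM install of Filebeat 6.x the
# file is named "registry"; the original path ended in "register", which
# rm -rf accepts silently without deleting anything.
# Stop Filebeat before running this. Removing the registry makes Filebeat
# re-read every matched log from the beginning, so events already shipped
# will be indexed again.
sudo rm -f -- /var/lib/filebeat/registry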
5.发布
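# Run Filebeat in the foreground for a test publish.
#   -e            log to stderr instead of the configured log output
#   -c FILE       configuration file; the path must directly follow -c
#                 (the original "-c -e FILE" handed "-e" to -c as the file name)
#   -d "publish"  debug selector that prints each published event; events can
#                 contain sensitive log content, so use it for troubleshooting
#                 only and not in normal operation
sudo /usr/bin/filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"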