# 启动: nohup ./filebeat -e -c filebeat.yml &
root@ctdnad21:/opt/elk/filebeat/filebeat-7.11.1-linux-x86_64# cat filebeat.yml
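# Filebeat 7.11.1: tail three application log families and forward them to
# Logstash. Each input stamps fields.log_topics on its events so downstream
# stages can tell the sources apart.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/pinsurvey/newlogs/ezcloud*.log
    fields:
      log_topics: ezcloud

  - type: log
    enabled: true
    paths:
      - /var/log/pinsurvey/newlogs/ezpay*.log
    fields:
      log_topics: ezpay

  - type: log
    enabled: true
    paths:
      - /var/log/pinsurvey/newlogs/pinsurvey*.log
    fields:
      log_topics: pinsurvey

# Shipper name attached to every event (here the host's IP address).
name: "192.168.23.98"

filebeat.config.modules:
  # ${path.config} resolves to the directory that holds filebeat.yml. The
  # previous literal path ended in "filebeat-7.11.1-linux-x86/modules.d",
  # which does not match the install directory filebeat-7.11.1-linux-x86_64,
  # so the glob most likely matched nothing.
  path: ${path.config}/modules.d/*.yml
  # Any file dropped into modules.d is picked up within 10s, so write access
  # to that directory should be limited to the account that runs Filebeat.
  reload.enabled: true
  reload.period: 10s

output.logstash:
  # NOTE(review): there is no `ssl` section, so events reach port 5044
  # unencrypted and without client authentication. That is tolerable only
  # while shipper and Logstash share a host (name and hosts use the same IP);
  # enable `ssl` here and on the Logstash beats input before shipping
  # across a network.
  hosts: ["192.168.23.98:5044"]
  # NOTE(review): `topic` is a Kafka-output option and is not documented for
  # the Logstash output; the value still travels with each event as
  # [fields][log_topics]. Kept as the author wrote it.
  topic: '%{[fields.log_topics]}'

# NOTE(review): debug level writes published events into Filebeat's own log;
# started with `-e` under nohup, that means log content (including the ezpay
# lines) is copied into nohup.out. Prefer `info` outside troubleshooting.
logging.level: debug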
root@ctdnad21:/opt/elk/filebeat/filebeat-7.11.1-linux-x86_64# cd ../
# 启动: nohup bin/logstash -f config/logstash-7.conf &
root@ctdnad21:/opt/elk/logstash-7.10.2/config# cat logstash-7.conf
# Accept events from Filebeat over the Beats protocol on TCP 5044.
# NOTE(review): no `ssl` options are set and the plugin's default bind
# address is 0.0.0.0, so any host that can reach the port can submit events
# in plaintext. Restrict with `host`, a firewall rule, or TLS with client
# certificate verification.
input {
  beats { port => 5044 }
}
#input {
# stdin {}
#}
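filter {
  # Decode the JSON log line carried in `message`. With no `target`, the
  # decoded keys are written at the event root, so a key in the log line can
  # overwrite a field of the same name set by the shipper.
  # remove_field only runs when decoding succeeds; a failed parse keeps
  # `message` and tags the event with _jsonparsefailure.
  json {
    source => "message"
    # Nested fields need bracket references: "agent.id" names a top-level
    # field that literally contains a dot, which Beats events do not carry,
    # so the dotted form removed nothing.
    remove_field => [
      "message",
      "host",
      "_type",
      "[agent][ephemeral_id]",
      "[agent][id]"
    ]
  }

  # Derive `service` from the first path segment of request_uri.
  # The guard keeps events without request_uri from receiving the literal,
  # unresolved string "%{[service_source][1]}" as their service name.
  if [request_uri] {
    # copy runs last inside a mutate, so it needs its own block ahead of the
    # split below.
    mutate {
      copy => { "request_uri" => "service_source" }
    }
    mutate {
      # "/svc/rest" splits to ["", "svc", "rest"]; index 1 is the service.
      split => { "service_source" => "/" }
      add_field => { "service" => "%{[service_source][1]}" }
      remove_field => [ "service_source" ]
    }
  }
}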
#output {
# stdout {
# codec => rubydebug
# }
#}
# Index every event into a daily index named logstash-service-YYYY.MM.dd.
# NOTE(review): the endpoint is plain http:// and no user/password is set,
# so this depends on Elasticsearch accepting anonymous, unencrypted writes.
output {
  elasticsearch {
    index => "logstash-service-%{+YYYY.MM.dd}"
    hosts => ["http://192.168.23.98:9200"]
  }
}
# 启动。 nohup bin/elasticsearch -d &
ctdna@ctdnad21:~/elk/elasticsearch-7.11.1/config$ cat elasticsearch.yml
# elasticsearch.yml for the 7.11.1 install: one node (node-1) that is both
# the only seed host and the only initial master.
cluster.name: my-application
node.name: node-1
# Data and logs live inside the install tree under the ctdna user's home.
path.data: /home/ctdna/elk/elasticsearch-7.11.1/data
path.logs: /home/ctdna/elk/elasticsearch-7.11.1/logs
#bootstrap.memory_lock: true
# Bind to the LAN address instead of loopback.
# NOTE(review): no xpack.security.* settings appear here. On 7.x with the
# basic licence security is off unless enabled, so every client that can
# reach 192.168.23.98:9200 can read, write and delete indices without
# credentials. Set `xpack.security.enabled: true`, add TLS on the HTTP layer,
# and give Logstash and Kibana their own accounts; until then, firewall 9200
# and the transport port to the hosts that need them.
network.host: 192.168.23.98
http.port: 9200
discovery.seed_hosts: ["192.168.23.98"]
cluster.initial_master_nodes: ["node-1"]
# Destructive index operations must name their indices explicitly; wildcard
# and _all deletions are rejected.
action.destructive_requires_name: true
ctdna@ctdnad21:~/elk/elasticsearch-7.11.1/config$ vim jvm.options
root@ctdnad21:/var/log/citydna# cat /etc/kibana/kibana.yml
# kibana.yml: Kibana on port 5601, backed by the Elasticsearch node at
# 192.168.23.98.
server.port: 5601
server.name: kibana # service name
server.host: "0" # listen address; "0" is shorthand for 0.0.0.0 (every interface), not loopback only
# NOTE(review): plain http:// and no elasticsearch.username/password, so
# Kibana talks to Elasticsearch unauthenticated; anyone who reaches port 5601
# gets the same unrestricted access through the Kibana UI.
elasticsearch.hosts: "http://192.168.23.98:9200" # Elasticsearch address
# Presumably carried over from the Docker image defaults (makes the
# monitoring UI use container cgroup statistics) - confirm it is wanted.
xpack.monitoring.ui.container.elasticsearch.enabled: true
#i18n.locale: "zh-CN" # Chinese UI localisation
/etc/kibana/kibana.yml
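# Fetch the Kibana 7.11.1 image.
docker pull docker.elastic.co/kibana/kibana:7.11.1

# Run Kibana detached.
# - 5601 is published on 127.0.0.1 only, so the UI is reachable from this
#   host (or through an SSH tunnel / reverse proxy), not from the LAN.
# - The config mount has to come before the image name and uses -v; the
#   original put `--volumes ...` on a line of its own, which docker run does
#   not accept. It is mounted read-only so the container cannot alter it.
# NOTE(review): ELASTICSEARCH_HOSTS names 192.168.23.123 while kibana.yml
# and the other configs use 192.168.23.98. Confirm which node is meant; the
# environment variable is expected to take precedence over the mounted file.
docker run --name kibana -d \
  -p 127.0.0.1:5601:5601 \
  -e "ELASTICSEARCH_HOSTS=http://192.168.23.123:9200" \
  -v /etc/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml:ro \
  docker.elastic.co/kibana/kibana:7.11.1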
elk+filebeat