阿里云配置logstash+filebeat跨服务器与启动

最新推荐文章于 2023-11-07 14:11:00 发布

limiry

最新推荐文章于 2023-11-07 14:11:00 发布

阅读量742

点赞数

分类专栏： elk 文章标签： elasticsearch linux

本文链接：https://blog.csdn.net/weixin_43225116/article/details/107767704

版权

elk 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

阿里云搭建logsatsh+filebeat

部署logstash配置
- logstash配置loaf文件启动
- logstash启动
部署filebeat配置
- filebeat配置
- filebeat启动

部署logstash配置

logstash配置loaf文件启动

input {
# 从文件读取日志信息输送到控制台
beats {
port => “5044”
}
#file {
# path => “/tools/tomcat/apache-tomcat-8.5.46/bin/log/sys.log”
#codec => “json” ## 以JSON格式读取日志
# type => “elasticsearch”
# start_position => “beginning”
#}
}
output {
# 标准输出
# stdout {}
# 输出进行格式化，采用Ruby库来解析日志
stdout { codec => rubydebug }
}

logstash启动

1.默认配置了5044端口，使用阿里云服务器需添加安全组规则，开启对应端口
进入bin目录，启动命令：

./logstash -f …/config/XX.conf

部署filebeat配置

filebeat配置

1.配置filebeat.yml，配置input输入，修改paths为目录提取源路径

// An highlighted block
#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /tools/tomcat/apache-tomcat-8.5.46/bin/log/sys.log
    #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  #exclude_lines: ['^DBG']

2.filebeat默认传输到elasticsearch，所以需要注释掉这一部分代码
下面展示一些 内联代码片。

#==================== Elasticsearch template setting ==========================

#setup.template.settings:
 # index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

3.输出项有几种输出方式，同样需要注释掉elasticsearch部分代码

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
 #hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["logstash服务器ip:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"