1、官网下载filebeat-8.2
https://www.elastic.co/cn/downloads/beats/
2、配置
vim /usr/local/filebeat/filebeat.yml
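# Input section of filebeat.yml. The paste lost its indentation; the nesting is
# restored here. In the stock file this list sits under the top-level
# `filebeat.inputs:` key, shown so that the fragment is valid YAML on its own.
filebeat.inputs:
# NOTE(review): the stock comment at this position describes `filestream`, but
# the input below uses the older `log` type, which the 8.x documentation marks
# as deprecated. Confirm before carrying this config over to newer releases.
- type: log
  enabled: true
  paths:
    # Command audit trail. Such logs can capture secrets typed as command-line
    # arguments, so keep the file readable only by the collector and treat
    # everything downstream of it as sensitive.
    - /var/log/command.log
  encoding: utf-8
  # Custom fields attached to every event from this input. Both keys belong
  # under `fields`; a second `type` at input level would collide with
  # `type: log` above.
  fields:
    app: kibana
    type: user.audit
  # Put the custom fields at the event root instead of under `fields.`.
  fields_under_root: true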
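# -------------------------------- Kafka Output --------------------------------
# Publishes events to a Kafka cluster. Indentation restored, and trailing
# comments moved to their own lines (a YAML comment needs whitespace before `#`).
output.kafka:
  # Kafka cluster brokers.
  hosts: ["kafka1:9092","kafka2:9092","kafka3:9092"]
  # Kafka topic.
  topic: kibana
  # No ssl.* or username/password settings are present, so the audit events
  # leave the host unencrypted and unauthenticated. Example with placeholder
  # values (must match the broker listener configuration):
  #ssl.enabled: true
  #ssl.certificate_authorities: ["<PATH_TO_CA_PEM>"]
  #username: "<KAFKA_USER>"
  #password: "${KAFKA_PASSWORD}"   # resolve from the Filebeat keystore, not inline
  # 1 = wait for the partition leader only; -1 waits for all replicas to
  # commit, which is the safer choice if losing audit events is unacceptable.
  required_acks: 1
  compression: gzip
  # Upper bound on an encoded event; larger events are dropped. The value
  # should not exceed the broker's message.max.bytes, so verify the brokers
  # really accept ~100 MB messages.
  max_message_bytes: 100000000
  partition.hash:
    # Publish only to partitions that are currently reachable.
    reachable_only: true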
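# ================================= Processors =================================
# Processor chain applied to every event before it is published. Indentation
# restored; the trailing comment on the last line moved onto its own line.
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
  # Event fields to remove before publishing.
  # NOTE(review): "host" and "log" are dropped here, which discards the
  # originating host (just added by add_host_metadata) and the source file
  # path. For a command audit stream, confirm the log line itself identifies
  # the host; otherwise keep "host" so events stay attributable.
  - drop_fields:
      fields: ["host","input","log","agent","ecs"]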
3、配置启动服务
vim /usr/lib/systemd/system/filebeat.service
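# systemd unit for a Filebeat binary installed under /usr/local/filebeat.
[Unit]
Description=filebeat
# The Kafka output needs the network, so order startup after it is online.
Wants=network-online.target
After=network-online.target
[Service]
# No User= is set, so systemd runs the service as root. If a dedicated account
# can read /var/log/command.log, prefer it; filebeat.yml should be owned by the
# account that runs Filebeat and must not be writable by group or others.
ExecStart=/usr/local/filebeat/filebeat -e -c /usr/local/filebeat/filebeat.yml
# NOTE(review): confirm Filebeat actually reloads its config on SIGHUP. If it
# treats the signal as a shutdown request, `systemctl reload filebeat` stops
# the shipper, and Restart=on-failure does not restart it after a clean exit.
ExecReload=/bin/kill -HUP $MAINPID
# Only the main process is signalled on stop.
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target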
重新加载服务
systemctl daemon-reload
启动filebeat
systemctl start filebeat