zoukankan      html  css  js  c++  java

  • filebeat 真烦人

    root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# egrep -v "^.*#|^$" filebeat.yml 
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "192.168.174.30:4601"
  setup.dashboards.index: "nginx-*"
setup.template.json.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.overwrite: true
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "access-nginx-%{+yyyy.MM.dd}"
setup.ilm.pattern: "nginx-%{+yyyy.MM.dd}" 
output.elasticsearch:
  hosts: ["192.168.174.30:8200"]
  indices:
    - index: "nginx-%{+yyyy.MM.dd}"
      when.contains:
        type: "nginx"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

    然后去启动:./filebeat -e  

    启动后会创建索引

    filebeat的使用

    配置nginx

    root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# ./filebeat modules enable nginx
Enabled nginx
root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# cat modules.d/nginx.yml 
- module: nginx
  access:
    enabled: true
    var.paths: ["/path/to/log/nginx/access.log"]
  error:
    enabled: true

     配置filebeat.yml

     1 filebeat.inputs:
 2 - type: log
 3   enabled: false
 4   paths:
 5     - /var/log/nginx/*.log
 6 filebeat.config.modules:
 7   path: ${path.config}/modules.d/*.yml
 8   reload.enabled: true
 9 setup.template.enabled: false
10 setup.template.settings:
11   index.number_of_shards: 1
12 setup.kibana:
13   host: "192.168.174.30:4601"
14   setup.dashboards.index: "nginx-*"
15 setup.ilm.enabled: auto
16 setup.template.json.enabled: true
17 setup.template.json.name: "nginx"
18 setup.ilm.rollover_alias: "nginx-%{+yyyy.MM.dd}"
19 setup.ilm.pattern: "nginx-*" 
20 output.elasticsearch:
21   hosts: ["192.168.174.30:8200"]
22   indices:
23     - index: "nginx-%{+yyyy.MM.dd}"
24       when.contains:
25         server.type: "nginx"
26     - index: "system-%{+yyyy.MM.dd}"
27       when.contains:
28         server.type: "system"
29 processors:
30   - add_host_metadata: ~
31   - add_cloud_metadata: ~

    配置elasticsearch index

    root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# ./filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["192.168.174.30:8200"]'

    配置kibana dashboards

    root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# ./filebeat setup --dashboards
  • 相关阅读:
    java面向对象
    java 继承
    .net的 http 请求 利用单例减少创建销毁的资源开销 提高利用率
    net core 3.1 swagger文档添加 不用xml配置
    vs code 配置 golang 环境
    .net 使用RabbitMQ demo
    Centos7 上安装配置 RabbitMQ
    C# .net 获取程序运行的路径的几种方法
    c# Windows服务应用程序的创建、安装和卸载
    XCOPY命令 windows 一个文件夹里的文件 快速移到另一个磁盘里
  • 原文地址:https://www.cnblogs.com/-xuan/p/11842468.html
Copyright © 2011-2022 走看看