下载安装包解压
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.8.1-linux-x86_64.tar.gz
tar xzvf filebeat-7.8.1-linux-x86_64.tar.gz
编辑配置文件
cat /data/app/filebeat/filebeat-7.8.1-linux-x86_64/filebeat.yml
filebeat.inputs:
- type: container
enabled: true
paths: '/var/lib/docker/containers/*/*.log'
# multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}'
# multiline.match: after
# multiline.negate: true
# multiline.max_lines: 10000
# json.keys_under_root: true
# json.add_error_key: true
# json.message_key: log
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.elasticsearch:
hosts: '192.168.101.80:9200'
username: "elastic"
password: "qvz6pguDN8FYcZSgslRA"
index: "sit-carcharging-logs-%{+yyyy.MM.dd}"
setup.template.settings:
index.number_of_shards: 1
setup.template.enabled: true
setup.template.name: "sit-car-charging-logs"
setup.template.pattern: "sit-car-charging-logs-*"
setup.ilm.enabled: false
setup.kibana:
setup.ilm.enabled: false
setup.ilm.rollover_alias: "sit-car-charging-logs"
setup.ilm.pattern: "{now/d}-000001"
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
添加systemd file
cat /usr/lib/systemd/system/filebeat.service
[Unit]
Description=Filebeat
Documentation=https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Wants=network-online.target
After=network-online.target
[Service]
User=root
Group=root
ExecStart=/data/app/filebeat/filebeat-7.8.1-linux-x86_64/filebeat -c /data/app/filebeat/filebeat-7.8.1-linux-x86_64/filebeat.yml
Restart=always
[Install]
WantedBy=multi-user.target
重载开机自启
systemctl daemon-reload
systemctl start filebeat
systemctl enable filebeat
