Use Filebeat to ship data to Logstash, store it in Elasticsearch, and finally display it with Kibana.
https://www.ibm.com/developerworks/cn/opensource/os-cn-elk-filebeat/index.html?ca=drs-&utm_source=tuicool&utm_medium=referral
Download: https://www.elastic.co/downloads
Note: the component versions must match each other.
Install Filebeat (filebeat-6.0.0)
Modify the configuration:
#=========================== Filebeat prospectors =============================
filebeat.prospectors:
# Each prospector is one list entry; type "log" reads lines from the files below
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    - /usr/local/logs/SyncService/*.log

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.46.160:5000"]
Configuration reference: https://www.elastic.co/guide/en/beats/filebeat/current/configuring-howto-filebeat.html
Start command: nohup ./filebeat -e -c filebeat.yml &
Install Logstash (logstash-6.0.0)
Add log4j_filebeat.conf
Start command: bin/logstash -f config/log4j_filebeat.conf
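A minimal pipeline for log4j_filebeat.conf that fits the addresses used on this page, added here as an example and not the original author's file: it listens for Filebeat on port 5000 and writes to Elasticsearch on zk-datanode-01:9200. The log4j layout in the grok pattern, the field names, the index name and the commented TLS paths are assumptions.

```conf
# config/log4j_filebeat.conf (added example, not the original author's file)
input {
  beats {
    # Must match the port in Filebeat's output.logstash hosts entry
    port => 5000
    # As written the listener is plaintext and accepts any host that can
    # reach port 5000. TLS is enabled with the options below; the paths
    # are placeholders, not values from this page.
    # ssl             => true
    # ssl_certificate => "/path/to/logstash.crt"
    # ssl_key         => "/path/to/logstash.key"
  }
}

filter {
  # Assumed log4j layout: %d{ISO8601} %-5p [%t] %c - %m%n
  # e.g. 2017-11-20 10:15:30,123 INFO  [main] com.example.Sync - started
  grok {
    match => {
      "message" => "%{TIMESTAMP_ISO8601:log_time} +%{LOGLEVEL:level} +\[%{DATA:thread}\] +%{JAVACLASS:logger} +- +%{GREEDYDATA:log_message}"
    }
    # Lines that do not fit the layout are kept and tagged, not dropped
    tag_on_failure => ["_log4j_parse_failure"]
  }
  # Use the time written by the application as the event timestamp
  date {
    match => ["log_time", "yyyy-MM-dd HH:mm:ss,SSS"]
  }
}

output {
  elasticsearch {
    # network.host and http.port from elasticsearch.yml
    hosts => ["zk-datanode-01:9200"]
    # Index name is an assumption; one index per day
    index => "syncservice-%{+YYYY.MM.dd}"
  }
}
```

Before starting the pipeline, `bin/logstash -f config/log4j_filebeat.conf --config.test_and_exit` checks the file for syntax errors.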
Install Elasticsearch (elasticsearch-6.0.0)
vi config/elasticsearch.yml
Add the following:
cluster.name: myelk
node.name: zk-datanode-01
path.data: /home/dinpay/data/es/data
path.logs: /home/dinpay/data/es/logs
network.host: zk-datanode-01
discovery.zen.ping.unicast.hosts: ["zk-datanode-01"]
http.port: 9200