zoukankan      html  css  js  c++  java

  • filebeat7.5 日志

    百度网盘 提取码: 6cvu

    解压 
tar -zxvf  filebeat-7.5.0-linux-x86_64.tar.gz

mv filebeat-7.5.0-linux-x86_64 /usr/local/filebeat



[root@localhost src]# cd /usr/local/filebeat/
[root@localhost filebeat]# ls
fields.yml              kibana       NOTICE.txt
filebeat                LICENSE.txt  README.md
filebeat.reference.yml  module
filebeat.yml            modules.d


 vim my.yml

filebeat.inputs:
- type: stdin
  enabled: true
setup.template.settings:
  index.number_of_shards: 3
output.console:
  pretty: true
  enable: true



[root@localhost filebeat]# ./filebeat -e -c my.yml


[root@localhost filebeat]# ./filebeat -e -c my.yml 
2020-07-04T03:48:20.189+0100	INFO	instance/beat.go:610	Home path: [/usr/local/filebeat] Config path: [/usr/local/filebeat] Data path: [/usr/local/filebeat/data] Logs path: [/usr/local/filebeat/logs]
2020-07-04T03:48:20.190+0100	INFO	instance/beat.go:618	Beat ID: 712a5cbe-d959-49e7-8d80-4c84cba7fa7d
2020-07-04T03:48:20.190+0100	INFO	[seccomp]	seccomp/seccomp.go:101	Syscall filter could not be installed because the kernel does not support seccomp
2020-07-04T03:48:20.190+0100	INFO	[beat]	instance/beat.go:941	Beat info	{"system_info": {"beat": {"path": {"config": "/usr/local/filebeat", "data": "/usr/local/filebeat/data", "home": "/usr/local/filebeat", "logs": "/usr/local/filebeat/logs"}, "type": "filebeat", "uuid": "712a5cbe-d959-49e7-8d80-4c84cba7fa7d"}}}
2020-07-04T03:48:20.190+0100	INFO	[beat]	instance/beat.go:950	Build info	{"system_info": {"build": {"commit": "6d0d0ae079e5cb1d4f224801ac6df926dfb1594c", "libbeat": "7.5.0", "time": "2019-11-26T00:06:12.000Z", "version": "7.5.0"}}}
2020-07-04T03:48:20.190+0100	INFO	[beat]	instance/beat.go:953	Go runtime info	{"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.12.12"}}}
2020-07-04T03:48:20.191+0100	INFO	[beat]	instance/beat.go:957	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-07-03T01:21:03+01:00","containerized":false,"name":"localhost.localdomain","ip":["127.0.0.1/8","::1/128","10.0.2.15/24","fe80::a00:27ff:fe6c:3e95/64","192.168.55.10/24","fe80::a00:27ff:fe4d:f249/64"],"kernel_version":"3.10.0-327.4.5.el7.x86_64","mac":["08:00:27:6c:3e:95","08:00:27:4d:f2:49"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":2,"patch":1511,"codename":"Core"},"timezone":"BST","timezone_offset_sec":3600,"id":"e147b422673549a3b4fda77127bd4bcd"}}}
2020-07-04T03:48:20.191+0100	INFO	[beat]	instance/beat.go:986	Process info	{"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"ambient":null}, "cwd": "/usr/local/filebeat", "exe": "/usr/local/filebeat/filebeat", "name": "filebeat", "pid": 17355, "ppid": 4042, "seccomp": {"mode":"disabled"}, "start_time": "2020-07-04T03:48:19.890+0100"}}}
2020-07-04T03:48:20.191+0100	INFO	instance/beat.go:297	Setup Beat: filebeat; Version: 7.5.0
2020-07-04T03:48:20.191+0100	INFO	[publisher]	pipeline/module.go:97	Beat name: localhost.localdomain
2020-07-04T03:48:20.191+0100	WARN	beater/filebeat.go:152	Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.
2020-07-04T03:48:20.192+0100	INFO	[monitoring]	log/log.go:118	Starting metrics logging every 30s
2020-07-04T03:48:20.192+0100	INFO	instance/beat.go:429	filebeat start running.
2020-07-04T03:48:20.192+0100	INFO	registrar/registrar.go:145	Loading registrar data from /usr/local/filebeat/data/registry/filebeat/data.json
2020-07-04T03:48:20.192+0100	INFO	registrar/registrar.go:152	States Loaded from registrar: 1
2020-07-04T03:48:20.192+0100	WARN	beater/filebeat.go:368	Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.
2020-07-04T03:48:20.192+0100	INFO	crawler/crawler.go:72	Loading Inputs: 1
2020-07-04T03:48:20.192+0100	INFO	input/input.go:114	Starting input of type: stdin; ID: 11136643476161899408 
2020-07-04T03:48:20.192+0100	INFO	crawler/crawler.go:106	Loading and starting Inputs completed. Enabled inputs: 1
2020-07-04T03:48:20.192+0100	INFO	log/harvester.go:251	Harvester started for file: -
hello
{
  "@timestamp": "2020-07-04T02:48:25.312Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "_doc",
    "version": "7.5.0"
  },
  "log": {
    "offset": 0,
    "file": {
      "path": ""
    }
  },
  "message": "hello",
  "input": {
    "type": "stdin"
  },
  "host": {
    "name": "localhost.localdomain"
  },
  "agent": {
    "ephemeral_id": "2c6ab758-9db1-461a-9a1a-56757130ca43",
    "hostname": "localhost.localdomain",
    "id": "712a5cbe-d959-49e7-8d80-4c84cba7fa7d",
    "version": "7.5.0",
    "type": "filebeat"
  },
  "ecs": {
    "version": "1.1.0"
  }
}
2020-07-04T03:48:26.321+0100	ERROR	file/states.go:112	State for  should have been dropped, but couldn't as state is not finished.

      

    读取文件日志 

    vim log.yml 

    filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /phpwww/directory/storage/logs/*.log
setup.template.settings:
  index.number_of_shards: 3
output.console:
  pretty: true
  enable: true

      

    ./filebeat -e -c log.yml -d "publish"

    输出到elasticsearch 

    filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /phpwww/directory/storage/logs/*.log
setup.template.settings:
  index.number_of_shards: 3
output.elasticsearch: #指定ES的配置
  hosts: ["192.168.55.10:9200"]

      
  • 相关阅读:
    html之长文本框置顶
    Red Hat Enterprise Linux Server 6.5安装GCC 4.9.2
    精通正则表达式
    解决UNION ALL合并两个结果集后排序的问题
    ELK搭建日志管理系统记录
    Spring Boot使用@ConfigurationProperties 读取自定义的properties的方法
    maven配置profile,按指定环境打包
    java自定义标签,tld文件,获取数据字典的值
    JAVA实现RSA签名、验签
    jquery.validate.js中的remote用法
  • 原文地址:https://www.cnblogs.com/brady-wang/p/13234819.html
Copyright © 2011-2022 走看看