filebeat 真烦人

root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# egrep -v "^.*#|^$" filebeat.yml 
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "192.168.174.30:4601"
  setup.dashboards.index: "nginx-*"
setup.template.json.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.overwrite: true
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "access-nginx-%{+yyyy.MM.dd}"
setup.ilm.pattern: "nginx-%{+yyyy.MM.dd}" 
output.elasticsearch:
  hosts: ["192.168.174.30:8200"]
  indices:
    - index: "nginx-%{+yyyy.MM.dd}"
      when.contains:
        type: "nginx"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

然后去启动:./filebeat -e  

启动后会创建索引

filebeat的使用

配置nginx

root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# ./filebeat modules enable nginx
Enabled nginx
root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# cat modules.d/nginx.yml 
- module: nginx
  access:
    enabled: true
    var.paths: ["/path/to/log/nginx/access.log"]
  error:
    enabled: true

 配置filebeat.yml

 1 filebeat.inputs:
 2 - type: log
 3   enabled: false
 4   paths:
 5     - /var/log/nginx/*.log
 6 filebeat.config.modules:
 7   path: ${path.config}/modules.d/*.yml
 8   reload.enabled: true
 9 setup.template.enabled: false
10 setup.template.settings:
11   index.number_of_shards: 1
12 setup.kibana:
13   host: "192.168.174.30:4601"
14   setup.dashboards.index: "nginx-*"
15 setup.ilm.enabled: auto
16 setup.template.json.enabled: true
17 setup.template.json.name: "nginx"
18 setup.ilm.rollover_alias: "nginx-%{+yyyy.MM.dd}"
19 setup.ilm.pattern: "nginx-*" 
20 output.elasticsearch:
21   hosts: ["192.168.174.30:8200"]
22   indices:
23     - index: "nginx-%{+yyyy.MM.dd}"
24       when.contains:
25         server.type: "nginx"
26     - index: "system-%{+yyyy.MM.dd}"
27       when.contains:
28         server.type: "system"
29 processors:
30   - add_host_metadata: ~
31   - add_cloud_metadata: ~

配置elasticsearch index

root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# ./filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["192.168.174.30:8200"]'

配置kibana dashboards

root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# ./filebeat setup --dashboards
【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/-xuan/p/11842468.html