1. 下载 & 解压
# 下载
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.1.1-linux-x86_64.tar.gz
# 解压
tar xvf filebeat-7.1.1-linux-x86_64.tar.gz
# 软链
ln -s filebeat-7.1.1-linux-x86_64 filebeat
2. 配置 filebeat.yml
vim filebeat.yml
# 详情如下:
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/action_log/*.log
scan_frequency: 10s
# 7.x的版本中需要禁用此索引生命周期,否则在指定es索引名字的时候会有问题
setup.ilm.enabled: false
# 添加模板配置,否则无法指定es的索引名
setup.template.name: "actionlog"
setup.template.pattern: "actionlog-*"
output.elasticsearch:
#worker: 1
#bulk_max_size: 1500
hosts: ["10.240.0.6:9200", "10.240.0.7:9200", "10.240.0.8:9200"]
index: "actionlog-%{+yyyy.MM.dd}"
#pipeline: "actionlog"
# Logging
logging.level: warning
logging.to_files: true
3. 启动
./filebeat -e -c filebeat.yml
参考
- https://www.cnblogs.com/cjsblog/p/9495024.html