
filebeat+elasticsearch+kibana


一、到elasticsearch官网下载 filebeat+elasticsearch+kibana

http://www.elasticsearch.cn/

注意:上面的链接使用明文 HTTP;请确认下载来源确为 Elastic 官方(官方域名为 elastic.co),并在解压前核对官方提供的 SHA-512 校验值。

 

二、新增fbeat用户

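# Unpack Filebeat 7.16.3 under /opt and give the directory a version-free name.
tar -xzvf filebeat-7.16.3-linux-x86_64.tar.gz -C /opt
cd /opt
mv filebeat-7.16.3-linux-x86_64 filebeat

# Dedicated service account: fixed uid/gid 1004, no login shell (-s /sbin/nologin)
# and no home directory (-M), so it cannot be used for interactive logins.
groupadd -g 1004 fbeat
useradd -u 1004 fbeat -g 1004 -s /sbin/nologin -M

# Hand the install tree to the service account ("user:group" is the portable
# separator; the "user.group" form is a deprecated extension).
# NOTE(review): -R also makes the filebeat binary and filebeat.yml writable by
# fbeat itself. A tighter layout keeps those root-owned and gives fbeat only the
# directories Filebeat writes to at runtime - confirm which paths those are for
# this install before narrowing the ownership.
chown -R fbeat:fbeat filebeat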

 

systemd纳管filebeat

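# Write the systemd unit for Filebeat. The delimiter is quoted so the shell
# copies the unit text verbatim instead of expanding $... or `...` inside it.
cat <<'efo' > /usr/lib/systemd/system/filebeat.service
[Unit]
Description=filebeat 7.16.3
After=syslog.target network.target docker.service

[Service]
#Type=simple
# Run as the unprivileged fbeat account instead of root.
User=fbeat
Group=fbeat
ExecStart=/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml
PrivateTmp=true
# The shipper has no need to gain privileges or to modify /usr, /boot or /etc.
NoNewPrivileges=true
ProtectSystem=full
# Restart after an abnormal exit so log delivery does not stop silently.
Restart=on-failure

[Install]
WantedBy=multi-user.target
efo

# Make systemd read the new unit, then enable it at boot and start it now.
systemctl daemon-reload
systemctl enable filebeat --now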

filebeat.yml模板

# Filebeat configuration template: one "log" input that harvests nginx log
# files, tags each event, and ships it to Elasticsearch into a per-day index.
# "index_name" and the empty host strings are placeholders to fill in.
filebeat.inputs:
- type: log
  enabled: true
  paths:
  # Path(s) of the log files to harvest. The account Filebeat runs as
  # (fbeat in the unit file above) needs read access to these files.
    - /usr/local/nginx/logs/*.log
  # Multiline handling: a line that does NOT start with a YYYY-MM-DD date
  # (negate: true) is appended after the preceding line (match: after).
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  # Tag every event from this input; output.elasticsearch below routes on
  # fields.source.
  fields:
     source: index_name
  # NOTE(review): this list drops host, agent, container and kubernetes, i.e.
  # the fields that record where an event came from, while the global
  # processors at the end of this file add host/cloud/docker/kubernetes
  # metadata. Confirm which of the two is intended; events without origin
  # fields are harder to attribute during an investigation.
  processors:
  - drop_fields:
      fields: ["container","host", "tags", "ecs", "prospector", "agent", "input", "beat", "offset","kubernetes"]
      ignore_missing: true
  # NOTE(review): "clean_*" and "close_*" look like placeholders for the
  # clean_/close_ option families (for example clean_inactive and
  # close_inactive) rather than real option names; as literal keys they
  # presumably have no effect. Replace them with the concrete options meant.
  clean_*: 48h
  close_*: 5m
  idle_timeout: 30s
  # How often the paths above are checked for new files.
  scan_frequency: 8s
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false
  # Period on which files under path should be checked for changes
  #reload.period: 10s
# Elasticsearch is deployed as a cluster, hence 3 shards here.
setup.template.settings:
  index.number_of_shards: 3
  index.number_of_replicas: 1
  #index.codec: best_compression
  #_source.enabled: false
# Load the index template and overwrite an existing one with the same name.
setup.template.enabled: true
setup.template.overwrite: true
setup.template.name: "index_name-"
setup.template.pattern: "index_name-*"
# ILM is switched off; presumably so that the custom index names under
# output.elasticsearch.indices are used - confirm.
setup.ilm.enabled: false
setup.kibana:
  host: ""           # Kibana address
output.elasticsearch:
  enabled: true
  hosts: [""]       # Elasticsearch address(es)
  # No protocol, credentials or TLS settings are given here, so unless the
  # hosts entries carry an https:// scheme the events travel over plain HTTP
  # to a cluster that accepts unauthenticated writes. For a secured cluster,
  # set for example (variable names and CA path are placeholders; keep the
  # secret out of this file, e.g. in the environment or the Filebeat keystore):
  #protocol: "https"
  #username: "${ES_USERNAME}"
  #password: "${ES_PASSWORD}"
  #ssl.certificate_authorities: ["/path/to/ca.crt"]
  indices:
    - index: "index_name-day-%{+yyyy.MM.dd}"     # index name pattern
      when.equals:
        fields.source: "index_name"          # match the tag set on the input above and write to that day's index
# Global processors: add host, cloud, Docker and Kubernetes metadata to events.
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

 

From: https://www.cnblogs.com/hm1825/p/17121962.html
