Filebeat Installation

Introduction

Preparing for Installation

Installing Version 7.6.1 on Linux

Download the Installation Package

 # curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.1-x86_64.rpm
 # rpm -vi filebeat-7.6.1-x86_64.rpm
 # curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.1-linux-x86_64.tar.gz
 # tar xzvf filebeat-7.6.1-linux-x86_64.tar.gz

Installation Directories

Type|Description|Default location|Config option
home|Home of the Filebeat installation.||path.home
bin|The location for the binary files.|{path.home}/bin|
config|The location for configuration files.|{path.home}|path.config
data|The location for persistent data files.|{path.home}/data|path.data
logs|The location for the logs created by Filebeat.|{path.home}/logs|path.logs

Type|Description|Default location
bin|The location for the binary files.|/usr/share/filebeat/bin
config|The location for configuration files.|/etc/filebeat
data|The location for persistent data files.|/var/lib/filebeat
logs|The location for the logs created by Filebeat.|/var/log/filebeat

Type|Description|Default location
bin|Directory for the executable files.|{extract.path}
config|Directory for the configuration files.|{extract.path}
data|Location of the persistent data files.|{extract.path}/data
logs|Location of the log files.|{extract.path}/logs

Configuration

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
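
All logs under /var/log whose names end in .log are harvested by Filebeat.
/var/log/*/*.log: collects logs ending in .log from the subdirectories of /var/log; it does not collect the logs directly under /var/log, and recursion is not supported.
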
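
The difference between the two path patterns above decides which logs ever reach the pipeline, so it is worth checking them against a file listing. The Go program below is an added example, not code from the original page or from Filebeat; it relies on Go's standard filepath.Match, whose "*" does not cross a path separator, and the sample paths and the Coverage helper are constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// The two patterns discussed on this page.
var pagePatterns = []string{"/var/log/*.log", "/var/log/*/*.log"}

// Constructed sample paths (not taken from a real host).
var samplePaths = []string{
	"/var/log/boot.log",
	"/var/log/secure",   // no .log suffix
	"/var/log/messages", // no .log suffix
	"/var/log/audit/audit.log",
	"/var/log/nginx/archive/access.log", // two levels below /var/log
}

// Coverage (hypothetical helper) maps each pattern to the paths it matches
// and also returns the paths that no pattern matches: the collection gap.
func Coverage(patterns, paths []string) (map[string][]string, []string, error) {
	matched := map[string][]string{}
	var missed []string
	for _, p := range paths {
		hit := false
		for _, pat := range patterns {
			ok, err := filepath.Match(pat, p) // "*" never matches "/"
			if err != nil {
				return nil, nil, fmt.Errorf("bad pattern %q: %w", pat, err)
			}
			if ok {
				matched[pat] = append(matched[pat], p)
				hit = true
			}
		}
		if !hit {
			missed = append(missed, p)
		}
	}
	return matched, missed, nil
}

func main() {
	m, missed, err := Coverage(pagePatterns, samplePaths)
	if err != nil {
		panic(err)
	}
	fmt.Println("matched:", m)
	fmt.Println("not collected:", missed)
}
```

Files without a .log suffix and files more than one directory below /var/log are matched by neither pattern and need their own entries under paths.
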
output.elasticsearch:
  hosts: ["myEShost:9200"]
output.logstash:
  enabled: true

Default: true

output.logstash:
  hosts: ["127.0.0.1:5044","10.3.3.3:5044"]

output.logstash:
  compression_level: 0

Range: 0-9; default: 3. 0 disables gzip compression. Higher values compress better and lower the network overhead, but cost more CPU.

output.logstash:
  escape_html: false

Default: false

output.logstash:
  worker: 3

output.logstash:
  loadbalance: true
  hosts: ["127.0.0.1:5044","10.3.3.3:5044"]
  index: filebeat

Default: false. When false, events are sent to another Logstash host only when one host becomes unavailable; when true, the load is balanced across the hosts.

output.logstash:
  ttl: 0

Default: 0, which means disabled.

output.logstash:
  index: rds

Defaults to the name filebeat. For example, "filebeat" generates "[filebeat-]7.6.1-YYYY.MM.DD" indices (for example, "filebeat-7.6.1-2017.04.26").

output.logstash:
  timeout: 30

Default: 30 seconds

output.logstash:
  bulk_max_size: 2048

The maximum number of events to bulk in a single Logstash request. Default: 2048

output.logstash:
  backoff.init: 1

Default: 1 second. The wait is increased automatically after each failure until it reaches backoff.max.

output.logstash:
  backoff.max: 60

Default: 60 seconds

setup.kibana:
  host: "mykibanahost:5601"

If Elasticsearch and Kibana run on the same virtual machine, this setting is not needed.

Loading the Index Template into Elasticsearch

setup.template.name: "your_template_name"

setup.template.fields: "path/to/fields.yml"
setup.template.overwrite: true
setup.template.enabled: false
./filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'
 ./filebeat export template > filebeat.template.json

Starting Filebeat

Example: Filebeat Shipping to Elasticsearch

output.elasticsearch:
  hosts: ["http://localhost:9200"]
  indices:
    - index: "warning-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "INFO"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "ERR"

Conclusion

- Logstash configuration in Filebeat
- Elasticsearch configuration in Filebeat
- Kafka configuration in Filebeat
