filebeat
- 1.安装与配置
- 2. 测试
- 3. 自定义显示名字(模板)
1.安装与配置
下载地址
[root@server4 ~]# yum install -y httpd ##统计httpd/access_log日志
[root@server4 ~]# systemctl start httpd.service
[root@server4 ~]# cd /var/www/html/
[root@server4 html]# echo server4 > index.html
[root@server4 html]# chmod 755 /var/log/httpd/ ##权限,不然访问不到。必须可以读
[root@server3 ~]# curl 172.25.13.4/index.html ##别的主机访问,增加日志信息[root@server4 ~]# ll filebeat-7.6.1-x86_64.rpm
-rw-r--r-- 1 root root 24694569 Dec 15 21:21 filebeat-7.6.1-x86_64.rpm
[root@server4 ~]# rpm -ivh filebeat-7.6.1-x86_64.rpm
warning: filebeat-7.6.1-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing... ################################# [100%]
Updating / installing...1:filebeat-7.6.1-1 ################################# [100%]
[root@server4 ~]# cd /etc/filebeat/
[root@server4 filebeat]# ls
fields.yml filebeat.reference.yml filebeat.yml modules.d
[root@server4 filebeat]# vim filebeat.yml
[root@server4 filebeat]# systemctl start filebeat.service
[root@server4 filebeat]# ps ax 
2. 测试
3. 自定义显示名字(模板)
[root@server4 filebeat]# vim filebeat.yml
#-------------------------- Elasticsearch output ------------------------------
setup.template.name: "server4"
setup.template.pattern: "server4-*"
setup.ilm.enabled: false
output.elasticsearch:# Array of hosts to connect to.hosts: ["172.25.13.2:9200"]index: "server4-%{+yyyy.MM.dd}"
