1. Configuration: the Logstash server configuration file
nano /etc/logstash/logstash.conf
##################################
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5044
  }
}
filter {
  grok {
    match => {
      # Grok pattern names are case-sensitive: DATA and GREEDYDATA must be upper case.
      "message" => "#%{DATA:request_time}#%{DATA:node_name}#%{DATA:class_name}#%{DATA:log_level}#%{DATA:call_site}#%{DATA:line_number}#%{DATA:request_url}#%{DATA:request_method}#%{DATA:container_name}#%{DATA:action_name}#%{DATA:log_info}#%{GREEDYDATA:exception_msg}#"
    }
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.31.101:9200"]
    index => "syslogs-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}
#################################
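The grok pattern above splits each line on `#`, so a field value that itself contains `#` pushes every later field one column to the right. The following is an added example, not part of the original post: it rebuilds the same pattern as a Python regex and checks it against constructed sample lines. The sample lines and the `HTTP_METHODS` set are assumptions.

```python
import re

# Field order copied from the grok pattern in the Logstash filter above.
FIELDS = ["request_time", "node_name", "class_name", "log_level", "call_site",
          "line_number", "request_url", "request_method", "container_name",
          "action_name", "log_info", "exception_msg"]

# Grok's DATA is the lazy '.*?' and GREEDYDATA is the greedy '.*'.
PATTERN = re.compile(
    "".join("#(?P<%s>.*?)" % f for f in FIELDS[:-1])
    + "#(?P<%s>.*)#" % FIELDS[-1]
)

# Assumed value set for the sanity check (not taken from the page).
HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}


def parse(line):
    """Return the field dict, or None where Logstash would tag _grokparsefailure."""
    m = PATTERN.search(line)  # grok searches the message, it is not anchored
    return m.groupdict() if m else None


def field_problems(event):
    """Name the fields whose value shows that the '#' columns have shifted."""
    problems = []
    if not event["line_number"].isdigit():
        problems.append("line_number")
    if event["request_method"] not in HTTP_METHODS:
        problems.append("request_method")
    return problems


# Constructed sample lines (not real log data).
GOOD = ("#2020-11-20 10:15:02.1234#web01#ELKWeb.Controllers.HomeController#Info"
        "#ELKWeb.Controllers.HomeController.Index#27"
        "#http://192.168.31.101/Home/Index#GET#Home#Index#page loaded##")
# Same line, but the URL carries a '#' fragment, which collides with the delimiter.
SHIFTED = GOOD.replace("/Home/Index#GET", "/Home/Index#top#GET")

if __name__ == "__main__":
    for line in (GOOD, SHIFTED, "startup banner without delimiters"):
        event = parse(line)
        print(event and field_problems(event), event)
```

A shifted line still matches the pattern, so it is indexed without a `_grokparsefailure` tag; only a check on field contents reveals it.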
2. Configuration: Filebeat
sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
nano /etc/yum.repos.d/elastic.repo
##################elastic.repo###################
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
###################################################
sudo yum install filebeat
sudo systemctl enable filebeat
nano /etc/filebeat/filebeat.yml
################ filebeat.yml: the parts that were changed #####################
# ============================== Filebeat inputs ===============================
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /data/wwwroot/ELKWeb/logs/2020-11-20/nlog-all/*.log
# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.31.101:5044"]
#############################################################
sudo systemctl restart filebeat
sudo systemctl status filebeat
Result:
http://192.168.31.101:9200/_cat/indices?v
Reference: Repositories for APT and YUM | Filebeat Reference [7.15] | Elastic



