下面的包都是可以直接下包不用编译
配置过程从上到下:
cluster.name: test-es
node.name: ${HOSTNAME}
network.host: 10.10.2.67
http.port: 9200
discovery.seed_hosts: ["10.10.2.67"]
cluster.initial_master_nodes: ["test01s-Mac-mini.local"]
path.data: ${ES_HOME}/to/data
path.logs: ${ES_HOME}/to/logselasticsearch.hosts: ["http://10.10.2.67:9200"]
server.host: "10.10.2.67"
server.port: 5601input {
beats{
port => "5044"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
geoip {
source => "clientip"
}
}
output {
stdout { codec => rubydebug } #屏幕输出
elasticsearch { #elasticsearch 输出
hosts => [ "10.10.2.67:9200" ]
}
}
filebeat.inputs:
- type: log
enabled: true
paths:
#- /var/log/*.log
- /usr/local/logstash-7.1.1/logs/logstash-tutorial.log
output.logstash:
hosts: ["localhost:5044"]
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false #自动加载修改配置 关闭
setup.template.settings:
index.number_of_shards: 1
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
#output.elasticsearch: # 打开可以直接传到elastcsearch 不经过 logstash
# Array of hosts to connect to.
# hosts: ["10.10.2.67:9200"]
#============================== Kibana ===================================== 可以直接配置到kibana没试
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
#host: "localhost:5601"
# Kibana Space ID
# ID of the Kibana Space into which the dashboards should be loaded. By default,
# the Default Space will be used.
#space.id:
正常的流程应该是:
filebeat 搜集日志 -> logstash 存储, 过滤 -> elasticsearch 存储 二进制格式(to/data/nodes/0) -> kibana展示
原文:https://www.cnblogs.com/wanderingfish/p/10964117.html