filebeat收集日志

1. 下载filebeat

   curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.5.2-x86_64.rpm
2. 安装
   rpm -ivh filebeat-5.5.2-x86_64.rpm 

3. 配置filebeat.yml

filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log

output.elasticsearch:  

  hosts: ["10.10.10.11:9200"]

4. 启动

[[email protected] filebeat]# /etc/init.d/filebeat start
Starting filebeat (via systemctl):                         [  OK  ]

5. 导入index

[[email protected] filebeat]# ./scripts/import_dashboards -only-index
Created temporary directory /tmp/tmp753007428
Downloading https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-5.5.2.zip
Unzip archive /tmp/tmp753007428
Importing Kibana from /tmp/tmp753007428/beats-dashboards-5.5.2/filebeat
Import directory /tmp/tmp753007428/beats-dashboards-5.5.2/filebeat/index-pattern
Import index to /.kibana/index-pattern/filebeat-* from /tmp/tmp753007428/beats-dashboards-5.5.2/filebeat/index-pattern/filebeat.json


Importing Kibana from /tmp/tmp753007428/beats-dashboards-5.5.2/heartbeat
Importing Kibana from /tmp/tmp753007428/beats-dashboards-5.5.2/metricbeat
Importing Kibana from /tmp/tmp753007428/beats-dashboards-5.5.2/packetbeat
Importing Kibana from /tmp/tmp753007428/beats-dashboards-5.5.2/winlogbeat

6. 创建index

7. 查看日志