filebeat日志收集
admin
2023-02-26 10:01:09
0次
以nginx错误日志为例,演示日志处理流程
filebeat--logstash--es
filebeat--kafka--logstash--es
#filebeat使用systemd管理 /usr/lib/systemd/system/filebeat.service [Unit] Description=Filebeat Documentation=http://www.elastic.co Wants=network-online.target After=network-online.target [Service] ExecStart=/usr/local/filebeat/filebeat -c /usr/local/filebeat/filebeat.yml Restart=always [Install] WantedBy=multi-user.target
#logstash使用systemd管理 #如果有多个logstash配置文件,可以使用-f指定目录 /usr/lib/systemd/system/logstash.service [Unit] Description=logstash Documentation=http://www.elastic.co Wants=network-online.target After=network-online.target [Service] Environment=JAVA_HOME=/usr/java/jdk1.8.0_211 ExecStart=/usr/local/logstash/bin/logstash -f /usr/local/logstash/config/logstash.conf -l /usr/local/logstash/logs Restart=always [Install] WantedBy=multi-user.target
#启动nginx容器,映射日志目录 docker run -d --name=nginx --net=host -v /tmp/nginx_log:/var/log/nginx nginx
#nginx错误日志:
2019/09/21 17:00:08 [error] 7#7: *9 open() "/usr/share/nginx/html/api" failed (2: No such file or directory), client: 192.168.3.102, server: localhost, request: "GET /api HTTP/1.1", host: "192.168.3.100"
filebeat--logstash--es示例
#filebeat输出logstash示例
/usr/local/filebeat/filebeat.yml
filebeat.inputs:
- type: log
paths:
- /tmp/nginx_log/error.log
multiline.pattern: ^\d{4}/\d{2}/\d{2}\s\d{2}:\d{2}:\d{2}
#匹配nginx日志时间格式 2019/09/21 17:00:08
multiline.negate: true
multiline.match: after
exclude_files: [".gz$"]
tail_files: true
#增加输出字段,tags为数组形式,fields.id为键值对形式
tags: ["nginx-100"]
fields:
id: "nginx-100"
output.logstash:
hosts: ["192.168.3.100:5044","192.168.3.101:5044"]
loadbalance: true
#输出到单个logstash
#output.logstash:
# hosts: ["127.0.0.1:5044"]#logstash输出到es示例;根据fileds.id来划分索引
/usr/local/logstash/config/logstash.conf
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
index => "%{[fields][id]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "HkqZIHZsuXSv6B5OwqJ7"
}
}filebeat--kafka--logstash--es示例
#filebeat输出到kafka示例
/usr/local/filebeat/filebeat.yml
filebeat.inputs:
- type: log
paths:
- /tmp/nginx_log/error.log
multiline.pattern: ^\d{4}/\d{2}/\d{2}\s\d{2}:\d{2}:\d{2}
#匹配nginx日志时间格式 2019/09/21 17:00:08
multiline.negate: true
multiline.match: after
exclude_files: [".gz$"]
tail_files: true
#增加输出字段,tags为数组形式,fields.id为键值对形式
tags: ["nginx-kafka-100"]
fields:
id: "nginx-kafka-100"
output.kafka:
hosts: ["192.168.3.100:9092", "192.168.3.101:9092", "192.168.3.102:9092"]
topic: '%{[fields.id]}'
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000#kafka输出到es示例
/usr/local/logstash/config/logstash.conf
input {
kafka {
group_id => "logstash"
topics => ["nginx-kafka-100"]
bootstrap_servers => "192.168.3.100:9092,192.168.3.101:9092,192.168.3.102:9092"
consumer_threads => "1"
fetch_max_bytes => "26214400"
codec => plain
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
index => "%{[fields][id]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "HkqZIHZsuXSv6B5OwqJ7"
}
}参考:
https://www.elastic.co/guide/en/beats/filebeat/current/kafka-output.html
https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html
https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html
相关内容
热门资讯
今日重磅消息“阳光巴厘岛.辅助...
有 亲,根据资深记者爆料阳光巴厘岛是可以开挂的,确实有挂(咨询软件无需打...
【今日要闻】“乐友棋牌.是不是...
【今日要闻】“乐友棋牌.是不是有挂?”太坑了果然有挂您好,乐友棋牌这个游戏其实有挂的,确实是有挂的,...
终于了解“快乐打筒子.怎么装挂...
有 亲,根据资深记者爆料快乐打筒子是可以开挂的,确实有挂(咨询软件无需打...
玩家最新攻略“琼戏互娱.究竟有...
您好:琼戏互娱这款游戏可以开挂,确实是有挂的,需要了解加客服微信【4282891】很多玩家在这款游戏...
终于了解“新九方炸金花.开挂器...
有 亲,根据资深记者爆料新九方炸金花是可以开挂的,确实有挂(咨询软件无需...
最新引进“新蓝鲸.到底有挂吗?...
有 亲,根据资深记者爆料新蓝鲸是可以开挂的,确实有挂(咨询软件无需打开直...
玩家攻略科普“中至上饶麻将.真...
您好:中至上饶麻将这款游戏可以开挂,确实是有挂的,需要了解加客服微信【9784099】很多玩家在这款...
【今日要闻】“花城牌舍.可以开...
有 亲,根据资深记者爆料花城牌舍是可以开挂的,确实有挂(咨询软件无需打开...
乌代表团与美欧举行系列会议,美...
当地时间12月21日,美国总统特使威特科夫表示,过去三天,乌克兰代表团在美国佛罗里达州与美国和欧洲伙...
终于懂了“新青鸟牛牛.怎么装挂...
您好:新青鸟牛牛这款游戏可以开挂,确实是有挂的,需要了解加客服微信【9752949】很多玩家在这款游...