百度网盘 提取码: 6cvu

解压

tar -zxvf  filebeat-7.5.0-linux-x86_64.tar.gz

mv filebeat-7.5.0-linux-x86_64 /usr/local/filebeat

[root@localhost src]# cd /usr/local/filebeat/

[root@localhost filebeat]# ls

fields.yml              kibana       NOTICE.txt

filebeat                LICENSE.txt  README.md

filebeat.reference.yml  module

filebeat.yml            modules.d

 vim my.yml

filebeat.inputs:

- type: stdin

  enabled: true

setup.template.settings:

  index.number_of_shards: 3

output.console:

  pretty: true

  enable: true

[root@localhost filebeat]# ./filebeat -e -c my.yml

[root@localhost filebeat]# ./filebeat -e -c my.yml

2020-07-04T03:48:20.189+0100	INFO	instance/beat.go:610	Home path: [/usr/local/filebeat] Config path: [/usr/local/filebeat] Data path: [/usr/local/filebeat/data] Logs path: [/usr/local/filebeat/logs]

2020-07-04T03:48:20.190+0100	INFO	instance/beat.go:618	Beat ID: 712a5cbe-d959-49e7-8d80-4c84cba7fa7d

2020-07-04T03:48:20.190+0100	INFO	[seccomp]	seccomp/seccomp.go:101	Syscall filter could not be installed because the kernel does not support seccomp

2020-07-04T03:48:20.190+0100	INFO	[beat]	instance/beat.go:941	Beat info	{"system_info": {"beat": {"path": {"config": "/usr/local/filebeat", "data": "/usr/local/filebeat/data", "home": "/usr/local/filebeat", "logs": "/usr/local/filebeat/logs"}, "type": "filebeat", "uuid": "712a5cbe-d959-49e7-8d80-4c84cba7fa7d"}}}

2020-07-04T03:48:20.190+0100	INFO	[beat]	instance/beat.go:950	Build info	{"system_info": {"build": {"commit": "6d0d0ae079e5cb1d4f224801ac6df926dfb1594c", "libbeat": "7.5.0", "time": "2019-11-26T00:06:12.000Z", "version": "7.5.0"}}}

2020-07-04T03:48:20.190+0100	INFO	[beat]	instance/beat.go:953	Go runtime info	{"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.12.12"}}}

2020-07-04T03:48:20.191+0100	INFO	[beat]	instance/beat.go:957	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-07-03T01:21:03+01:00","containerized":false,"name":"localhost.localdomain","ip":["127.0.0.1/8","::1/128","10.0.2.15/24","fe80::a00:27ff:fe6c:3e95/64","192.168.55.10/24","fe80::a00:27ff:fe4d:f249/64"],"kernel_version":"3.10.0-327.4.5.el7.x86_64","mac":["08:00:27:6c:3e:95","08:00:27:4d:f2:49"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":2,"patch":1511,"codename":"Core"},"timezone":"BST","timezone_offset_sec":3600,"id":"e147b422673549a3b4fda77127bd4bcd"}}}

2020-07-04T03:48:20.191+0100	INFO	[beat]	instance/beat.go:986	Process info	{"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"ambient":null}, "cwd": "/usr/local/filebeat", "exe": "/usr/local/filebeat/filebeat", "name": "filebeat", "pid": 17355, "ppid": 4042, "seccomp": {"mode":"disabled"}, "start_time": "2020-07-04T03:48:19.890+0100"}}}

2020-07-04T03:48:20.191+0100	INFO	instance/beat.go:297	Setup Beat: filebeat; Version: 7.5.0

2020-07-04T03:48:20.191+0100	INFO	[publisher]	pipeline/module.go:97	Beat name: localhost.localdomain

2020-07-04T03:48:20.191+0100	WARN	beater/filebeat.go:152	Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.

2020-07-04T03:48:20.192+0100	INFO	[monitoring]	log/log.go:118	Starting metrics logging every 30s

2020-07-04T03:48:20.192+0100	INFO	instance/beat.go:429	filebeat start running.

2020-07-04T03:48:20.192+0100	INFO	registrar/registrar.go:145	Loading registrar data from /usr/local/filebeat/data/registry/filebeat/data.json

2020-07-04T03:48:20.192+0100	INFO	registrar/registrar.go:152	States Loaded from registrar: 1

2020-07-04T03:48:20.192+0100	WARN	beater/filebeat.go:368	Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.

2020-07-04T03:48:20.192+0100	INFO	crawler/crawler.go:72	Loading Inputs: 1

2020-07-04T03:48:20.192+0100	INFO	input/input.go:114	Starting input of type: stdin; ID: 11136643476161899408

2020-07-04T03:48:20.192+0100	INFO	crawler/crawler.go:106	Loading and starting Inputs completed. Enabled inputs: 1

2020-07-04T03:48:20.192+0100	INFO	log/harvester.go:251	Harvester started for file: -

hello

{

  "@timestamp": "2020-07-04T02:48:25.312Z",

  "@metadata": {

    "beat": "filebeat",

    "type": "_doc",

    "version": "7.5.0"

  },

  "log": {

    "offset": 0,

    "file": {

      "path": ""

    }

  },

  "message": "hello",

  "input": {

    "type": "stdin"

  },

  "host": {

    "name": "localhost.localdomain"

  },

  "agent": {

    "ephemeral_id": "2c6ab758-9db1-461a-9a1a-56757130ca43",

    "hostname": "localhost.localdomain",

    "id": "712a5cbe-d959-49e7-8d80-4c84cba7fa7d",

    "version": "7.5.0",

    "type": "filebeat"

  },

  "ecs": {

    "version": "1.1.0"

  }

}

2020-07-04T03:48:26.321+0100	ERROR	file/states.go:112	State for  should have been dropped, but couldn't as state is not finished.

  

读取文件日志

vim log.yml

filebeat.inputs:

- type: log

  enabled: true

  paths:

    - /phpwww/directory/storage/logs/*.log

setup.template.settings:

  index.number_of_shards: 3

output.console:

  pretty: true

  enable: true

  

./filebeat -e -c log.yml -d "publish"

输出到elasticsearch

filebeat.inputs:

- type: log

  enabled: true

  paths:

    - /phpwww/directory/storage/logs/*.log

setup.template.settings:

  index.number_of_shards: 3

output.elasticsearch: #指定ES的配置

  hosts: ["192.168.55.10:9200"]

  

filebeat7.5 日志的更多相关文章

  1. Filebeat7 Kafka Gunicorn Flask Web应用程序日志采集

    本文的内容 如何用filebeat kafka es做一个好用,好管理的日志收集工具 放弃logstash,使用elastic pipeline gunicron日志格式与filebeat/es配置 ...

  2. Docker部署ELK 日志归集

    ELK ELK是Elasticsearch.Logstash.Kibana的缩写,使用ELK的原因是因为公司使用Spring cloud部署了多个微服务,不同的微服务有不同的日志文件,当生产上出现问题 ...

  3. docker方式部署elk日志搜索平台

    Docker部署ELKF操作文档 前提介绍 1.之前搭建elk+f+k使用原生系统软件安装方式,由于docker镜像日趋成熟,docker官网和elastic官网都有相关镜像和各自安装文档可供参考,各 ...

  4. ELKBR部署检测项目日志

    ELK filebeat:具有日志收集功能,相比logstash,+filebeat更轻量,占用资源更少,适合客户端使用. redis消息队列选型:Redis 服务器通常都是用作 NoSQL 数据库, ...

  5. 通过Filebeat把日志传入到Elasticsearch

    学习的地方:配置文件中预先处理字段数据的用法 通过Filebeat把日志传入到Elasticsearch Elastic Stack被称之为ELK (Elasticsearch,Logstash an ...

  6. centos7.6使用 supervisor 对filebeat7.3.1进程进行管理

    centos7.6使用 supervisor 对filebeat7.3.1进程进行管理 Supervisor 是一个 Python 开发的 client/server 系统,可以管理和监控类 UNIX ...

  7. filebeat获取nginx的access日志配置

    filebeat获取nginx的access日志配置 产生nginx日志的服务器即生产者服务器配置: 拿omp.chinasoft.com举例: .nginx.conf主配置文件添加日志格式 log_ ...

  8. filebeat开启自带模块收集日志如何辨别日志来源等

    filebeat启动自带模块后,日志先输出到Redis中 比如开启了system模块日志和redis模块日志 在Redis中查看收集过来的日志时,可以看到如下的这些信息 system日志信息 { &q ...

  9. ELK7.4.0分析nginx json日志

    ELK7.4.0单节点部署 环境准备 安装系统,数据盘设置为/srv 内核优化参考 我们需要创建elk专用的账号,并创建所需要的目录并授权 useradd elk; mkdir /srv/{app,d ...

随机推荐

  1. Appium之启动第一个App

    搭建appium自动化环境真是各种问题呀. 如何启动在真机上启动App? 执行操作:操作Android真机上打开手机淘宝app,并搜索“熊猫”. 脚本源码如下: from appium import ...

  2. wsl 修改默认安装路径

    如果已经装了,先删除 mklink /j C:\Users\XXXX\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rh ...

  3. 吴恩达《深度学习》-第一门课 (Neural Networks and Deep Learning)-第四周:深层神经网络(Deep Neural Networks)-课程笔记

    第四周:深层神经网络(Deep Neural Networks) 4.1 深层神经网络(Deep L-layer neural network) 有一些函数,只有非常深的神经网络能学会,而更浅的模型则 ...

  4. 升级微服务架构1:搭建Eureka Server服务中心

    Spring Cloud中使用Eureka来做服务注册和发现,来统一管理微服务实例. 1.使用IDEA创建一个空的Maven项目做父模块 (也可以不用父项目,所有模块都用平行结构) 删除父模块src文 ...

  5. Docker镜像构建的两种方式(六)

    镜像构建介绍 在什么情况下我们需要自己构建镜像那? (1)当我们找不到现有的镜像,比如自己开发的应用程序 (2)需要在镜像中加入特定的功能 docker构建镜像有两种方式:docker commit命 ...

  6. 谈谈 Java 中的那些“琐”事

    一.公平锁&非公平锁 是什么 公平锁:线程按照申请锁的顺序来获取锁:在并发环境中,每个线程都会被加到等待队列中,按照 FIFO 的顺序获取锁. 非公平锁:线程不按照申请锁的顺序来获取锁:一上来 ...

  7. solr综合案例

    1.  综合案例 1.1. 需求 使用Solr实现电商网站中商品信息搜索功能,可以根据关键字.分类.价格搜索商品信息,也可以根据价格进行排序,并且实现分页功能. 界面如下: 1.2分析 开发人员需要的 ...

  8. uni-app开发注意事项

    关于vue 1.注意 如果使用老版的非自定义组件模式,即manifest中"usingComponents":false,部分模版语法不支持,但此模式已于2019年11月起下线. ...

  9. 数据结构 - 堆(Heap)

    数据结构 - 堆(Heap) 1.堆的定义 堆的形式满足完全二叉树的定义: 若 i < ceil(n/2) ,则节点i为分支节点,否则为叶子节点 叶子节点只可能在最大的两层出现,而最大层次上的叶 ...

  10. 靠这些秋招秘笈,齐姐的学妹今年已经拿到了 8 个offer!

    小齐说: 现在秋招进行时,正在找工作的小伙伴进度都怎么样了呀? 今天这篇文章是我武大的学妹今年秋招的经验分享,庆妹去年才决定转行,现在已手握 N+ 个 offer - 这篇文章干货满满,庆妹对每一块面 ...