Filebeat is a log file shipping tool, after you install the client on your server, the Filebeat will monitor the log directory or the specified log file, trace the files (tracking file changes, non-stop reading), And forwards these messages to Elasticsearch or Logstarsh.
When you turn on the Filebeat program, it launches one or more probes (prospectors) to detect the log directory or file you specify, and for each log file that the probe finds, Filebeat starts the harvesting process (harvester), Each harvest process reads the new contents of a log file and sends these new log data to the handler (spooler), which the handler aggregates these events, and finally Filebeat sends the collection of data to the location you specify.
Installation configuration:The installation configuration of the filebeat is very simple
1, downloadThe version used here is 5.5.2
2, define the log path configurationGo to the Decompression directory and modify the FILEBEAT.YML
- Input_type:log # Paths that should is crawled and fetched. Glob based paths. Paths: -/var/log/nginx/*. Log #-c:\programdata\elasticsearch\logs\* # Exclude_lines: ["^dbg"] #include_lines: ["^err", "^warn"]
Multiple paths can be configured here, and filtering with regular log extraction
3, output log path:Filebeat output can be available in multiple destinations, ES, Logstash
Elasticsearch
#--------------------------Elasticsearch output------------------------------#output. Elasticsearch: # Array of hosts to connect to. # hosts: ["localhost:9200"] # Optional protocol and Basic auth credentials. "https" "elastic" " Changeme "
Logstash
4, Start Logstash#-----------------------------Logstash Output--------------------------------output.logstash: # The Logstash hosts hosts: ["www.wenbronk.com:5044"]
Logstash and Filebeat Connectivity:Nohup./filebeat-c./filebeat.yml &
Here we take the Nginx log for example, Nginx installation can be seen:
Http://www.cnblogs.com/wenbronk/p/6557482.html
1. Configure Logstash and startinput { beats { "5044" }}output { stdout { = = rubydebug }}Start:
2. Configure Filebeat and start
3, then the browser is accessed, that is, you can see the output of the Logstash console, proving the connectivity' ^$ ' ' # '
Reference: http://www.ywnds.com/?p=9776
Filebeat-1-Unicom Logstash
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
