• notice
  • Congratulations on the launch of the Sought Tech site

Filebeat combines logstash for log processing into elasticsearch

Enter the filebeat directory, add the nginxlog.yml configuration file, the configuration is as follows, mainly modify the log directory address under paths and set output to the IP port address of logstash.

user@u007:/opt/filebeat/filebeat-7.7.1-linux-x86_64$ cat nginxlog.yml
filebeat.inputs:
-type: log
  enabled: true
  paths:
    -/opt/nginxlog/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
setup.template.settings:
  index.number_of_shards: 6
output.logstash:
  hosts: ["10.21.45.25:5044"]
#Start filebeat while using public output log
user@u007:/opt/filebeat/filebeat-7.7.1-linux-x86_64$./filebeat -e -c nginxlog.yml -d "publish"

Enter the logstash directory, add the nginxlog.conf configuration file under config, set the beats port of the data input source, and set the output to the elasticsearch host list, and specify the index name.

user@u007:/opt/logstash/logstash-7.7.1$ cat config/nginxlog.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.11.11:9200", "http://192.168.11.12:9200" ,"http://192.168.11.13:9200"]
    index => "nginxlog-%{+YYYY.MM.dd}"
  }
stdout {
    codec=> rubydebug
  }
}
#Start logstash
user@u007:/opt/logstash/logstash-7.7.1$ bin/logstash -f config/nginxlog.conf

After starting filebeat and logstash, the data of /opt/nginxlog/*.log log files will enter the index database from filebeat->logstash->elasticsearch. nginxlog-%{+YYYY.MM.dd}, an example is shown in the figure:

Tags

Technical otaku

Sought technology together

Related Topic

1 Comments

author

order lipitor 10mg generic & lt;a href="https://lipiws.top/"& gt;generic atorvastatin 10mg& lt;/a& gt; atorvastatin 80mg oral

Npjtsk

2024-03-07

Leave a Reply

+