ELK -- the simplest installation and configuration of Filebeat

Posted by mubashir on Wed, 18 Mar 2020 16:10:11 +0100

This is just a basic configuration. It ensures that the logs I need are collected, that the lines belonging to one log entry are merged into a single event (as mentioned in the introduction to Filebeat, the harvester reads the logs one line at a time), and that each source is tagged with a name (which can be used later when configuring the Kibana index).

Install

Just decompress the archive and it is installed; the path is arbitrary. Note that the version number should be consistent with that of Elasticsearch and Logstash. Install Filebeat on each server whose logs you need to collect.

Configure

In this most basic configuration, I collect the logs and send them to Logstash instead of the default Elasticsearch. Also, there must be a space after each colon; the format requires it, and an error is reported otherwise.

filebeat.prospectors:

- type: log
  paths:
    - /usr/local/tomcat-achievement-8082/logs/*.log
  ignore_older: "24h"
  fields_under_root: true
  fields:
    level: achive-8082-52
    review: 1
  multiline.pattern: '^[[:space:]]|^Caused'
  multiline.negate: false
  multiline.match: after


- type: log
  paths:
    - /usr/local/tomcat-basicInfo-8081/logs/*.log
  ignore_older: "24h"
  fields_under_root: true
  fields:
    level: basic-8081-52
    review: 1
  multiline.pattern: '^[[:space:]]|^Caused'
  multiline.negate: false
  multiline.match: after

- type: log
  paths:
    - /usr/local/tomcat-examinationEvaluation-8083/logs/*.log
  ignore_older: "24h"
  fields_under_root: true
  fields:
    level: exam-8083-52
    review: 1
  multiline.pattern: '^[[:space:]]|^Caused'
  multiline.negate: false
  multiline.match: after


filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 3

setup.kibana:

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["192.168.22.95:9200"]

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.22.75:4560"]

#logging.level: debug

In this file, each block of the form

- type: log
  paths:
    - /usr/local/tomcat-basicInfo-8081/logs/*.log
  ignore_older: "24h"
  fields_under_root: true
  fields:
    level: basic-8081-52
    review: 1
  multiline.pattern: '^[[:space:]]|^Caused'
  multiline.negate: false
  multiline.match: after

configures one set of logs to collect. I need to collect the logs of three Tomcat instances, so I configure three of these blocks.
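The effect of the multiline settings used in every block above (pattern '^[[:space:]]|^Caused', negate: false, match: after) can be checked offline with the following added example, which is a simplified model written for this page and not Filebeat's own code. The function name and the sample log lines are constructed for illustration, and limits such as the maximum number of lines per event are not modelled.

```python
import re

# Python's re module has no POSIX classes, so [[:space:]] from the
# configuration is written as \s here; the meaning is the same.
PATTERN = re.compile(r"^\s|^Caused")

def merge_multiline(lines, pattern=PATTERN, negate=False):
    """Model of multiline.match: after.

    A line is a continuation when (pattern matches) != negate.
    Continuations are appended to the event started by the most
    recent non-continuation line.
    """
    events, current = [], None
    for line in lines:
        is_continuation = bool(pattern.search(line)) != negate
        if is_continuation and current is not None:
            current.append(line)
        else:
            # A new event starts here (also when the very first
            # line looks like a continuation).
            if current is not None:
                events.append("\n".join(current))
            current = [line]
    if current is not None:
        events.append("\n".join(current))
    return events

# Constructed sample: a Tomcat-style log with one stack trace.
SAMPLE = [
    "2020-03-18 16:10:11 ERROR [http-8081-exec-1] request failed",
    "java.lang.IllegalStateException: could not load record",
    "\tat com.example.Dao.load(Dao.java:42)",
    "\tat com.example.Service.get(Service.java:17)",
    "Caused by: java.sql.SQLException: connection refused",
    "\t... 12 more",
    "2020-03-18 16:10:12 INFO [http-8081-exec-2] request ok",
]

if __name__ == "__main__":
    for number, event in enumerate(merge_multiline(SAMPLE), 1):
        print(f"--- event {number} ---")
        print(event)
```

With this pattern the stack trace becomes one event that begins at the exception line, while the timestamped ERROR line before it stays a separate event, because the exception line starts with neither whitespace nor "Caused".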
