ELKF Setup
Posted net2817
logstash
cat /etc/logstash/logstash.yml |grep -v '#'
path.data: /data/logstash/data
pipeline.ordered: auto
path.config: /data/logstash_conf/*.conf
config.reload.automatic: true
config.reload.interval: 3s
log.level: info
path.logs: /var/log/logstash
cat input.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5044
  }
}
filebeat
[root@pro-bed-10-10-0-120 ~]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
filebeat.config.prospectors:
  enabled: true
  path: configs/*.yml
  reload.enabled: true
  reload.period: 10s
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
  reload.period: 10s
output.logstash:
  hosts: ["*********:5044"]
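cat find_file_logstast.sh
#!/bin/bash
# Generate one Filebeat input file and one Logstash output file per log file.
# find recurses by itself; the /logs/**/*.log glob only recurses with globstar on.
while IFS= read -r i
do
    # echo "$i"
    a1=${i#/logs/}      # drop the leading /logs/
    b1=${a1//\//-}      # replace every / with -
    c1=${b1%.log}       # drop the .log suffix
    # echo "$c1"
    cd /etc/filebeat/configs || exit 1
    rm -f -- "${c1}.yml"
    #if [ -f "${c1}.yml" ];then
    #echo "file exists"
    #else
    # Filebeat input for this log file, tagged with the derived name
    echo "
- type: log
  enabled: true
  paths:
    - $i
  tags: \"$c1\"
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  multiline.timeout: 10s
" > "${c1}.yml"
    #fi
    cd /data/logstash_conf || exit 1
    rm -f -- "${c1}.conf"
    #if [ -f "${c1}.conf" ];then
    #echo "logstash config file exists"
    #else
    # Logstash output that routes events carrying this tag to their own daily index
    echo "
output {
  if \"${c1}\" in [tags] {
    elasticsearch {
      action => \"index\"
      hosts => [\"http://***************:9200\"]
      index => \"${c1}-%{+YYYY-MM-dd}\"
      user => \"**********\"
      password => \"**************\"
    }
  }
}
" > "${c1}.conf"
    #fi
done < <(find /logs -type f -name '*.log')
date
# Copy the generated Logstash configs to the Logstash host
scp -r /data/logstash_conf/* **************:/data/logstash_conf/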
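The generation script above reuses the name derived from each log path as a file name, a Filebeat tag, a Logstash conditional and an index prefix, and it writes the Elasticsearch password into every generated file. The following is an added example, not part of the original post: it rejects paths that are unsafe to embed in those configs and writes the output file owner-readable with connection settings left as references. `derive_tag`, `write_output_conf`, `LOG_ROOT` and the `ES_HOST`/`ES_USER`/`ES_PWD` keys are assumed names, and the references are assumed to be defined in the Logstash keystore or environment.

```shell
#!/bin/sh
# Added example, not from the original post. derive_tag, write_output_conf,
# LOG_ROOT and the ES_HOST/ES_USER/ES_PWD keys are assumed names.
LC_ALL=C; export LC_ALL
LOG_ROOT=${LOG_ROOT:-/logs}

# Print the tag for a log path; return 1 if the path is not safe to embed.
derive_tag() {
    path=$1
    case $path in
        "$LOG_ROOT"/*.log) ;;              # under LOG_ROOT, ends in .log
        *) return 1 ;;
    esac
    rel=${path#"$LOG_ROOT"/}
    rel=${rel%.log}
    case $rel in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;; # quotes, spaces, $, newlines, ...
        [!A-Za-z0-9]*) return 1 ;;         # Elasticsearch rejects a leading - _ +
        */..|*/../*) return 1 ;;           # no parent-directory segments
    esac
    # Flatten directories and lowercase (index names must be lowercase).
    printf '%s' "$rel" | tr 'A-Z/' 'a-z-'
}

# Write <dir>/<tag>.conf, readable by its owner only. Connection settings are
# ${...} references that Logstash resolves from its keystore or environment.
write_output_conf() {
    (
        umask 077
        cat > "$1/$2.conf" <<EOF
output {
  if "$2" in [tags] {
    elasticsearch {
      action => "index"
      hosts => ["\${ES_HOST}"]
      index => "$2-%{+YYYY-MM-dd}"
      user => "\${ES_USER}"
      password => "\${ES_PWD}"
    }
  }
}
EOF
    )
}
```

In the generation loop, skip any path for which `derive_tag` returns non-zero instead of writing a config for it.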