elk+kafka+filebeat

  • 开发
  • 50

elk1

cd /opt

把filebeat投进去

tar -xf filebeat-6.7.2-linux-x86_64.tar.gz

mv filebeat-6.7.2-linux-x86_64 filebeat

cd filebeat/

yum -y install nginx

systemctl restart nginx

vim /usr/share/nginx/html/index.html

this is nginx

cp filebeat.yml filebeat.yml.bak

vim filebeat.yml

- type: log

enabled: true

paths:

- /var/log/nginx/access.log

- /var/log/nginx/error.log

tags: ["nginx"]

fields:

service_name: 192.168.66.17_nginx_kafka

log_type: nginx

from: 192.168.66.17

output.kafka:

enabled: true

hosts: ["192.168.66.18:9092","192.168.66.19:9092","192.168.66.20:9092"]

topic: "nginx"

chmod 777 /var/log/nginx/access.log /var/log/nginx/error.log

cd /opt/filebeat

nohup ./filebeat -e -c filebeat.yml > filebeat.out &

tail -f filebeat.out

cd /etc/logstash/conf.d

input {

kafka {

bootstrap_servers => "192.168.66.18:9092,192.168.66.19:9092,192.168.66.20:9092"

topics => "nginx"

type => "nginx_kafka"

codec => "json"

auto_offset_reset => "earliest"

decorate_events => true

}

}

output {

if "nginx" in [tags] {

elasticsearch {

hosts => ["192.168.66.15:9200","192.168.66.16:9200"]

index => "%{[fields][service_name]}-%{+YYYY.MM.dd}"

}

}

}

codec => "json"

解析json格式的代码

auto_offset_reset => "earliest"

从头拉去,latest(实时更新)

decorate_events => true

传递给es实例中的信息包含kafka的属性数据

kafka上面看

elk:

logstash -f kafka.conf --path.data /opt/test8 &

阅读全部

相关推荐

最近更新

  3. docker php8.1+nginx base 镜像 dockerfile 配置

    2023-12-07 05:20:07       98 阅读

  4. Could not load dynamic library ‘cudart64_100.dll‘

    2023-12-07 05:20:07       106 阅读

  9. 在Django里面运行非项目文件

    2023-12-07 05:20:07       87 阅读

  19. Python语言-面向对象

    2023-12-07 05:20:07       96 阅读

  20. 如何分清楚常见的 Git 分支管理策略Git Flow、GitHub Flow 和 GitLab Flow

    2023-12-07 05:20:07       91 阅读

热门阅读

  6. 通过提示工程释放人工智能

    2023-12-07 05:20:07       48 阅读

  10. Flink优化——数据倾斜(二)

    2023-12-07 05:20:07       60 阅读

  23. Linux常见问题-获取日志方法总结(Ubuntu/Debian)

    2023-12-07 05:20:07       62 阅读

  24. Linux: 退出vim编辑模式

    2023-12-07 05:20:07       46 阅读

  26. 关于我一个后端开发,体验了一把产品经理这件事。

    2023-12-07 05:20:07       50 阅读