Here are my configuration files:
1. filebeat:
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/message.log
  document_type: linux
- input_type: log
  paths:
    - /var/log/httpd/access_log
  document_type: api
hosts: ["192.168.1.3:9200"]
output.logstash:
  hosts: ["192.168.1.3:5044"]
  ssl.certificate: "/etc/pki/tls/certs/logstash-forwarder.crt"
  ssl.key: "/etc/pki/tls/private/logstash-forwarder.key"
Here are the logstash configuration files:
1. logstash-5.5.1/conf/redis-input.con
input {
  beats {
    port => "5043"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
output {
  redis {
    host => "192.168.1.3"
    port => 6379
    data_type => "list"
    key => "logstash:redis"
    password => "123456"
  }
  stdout { codec => rubydebug }
}
2. logstash-5.5.1/conf/redis-output.conf
input {
  redis {
    data_type => "list"
    key => "logstash:redis"
    host => "192.168.1.3"
    port => 6379
    password => "123456"
  }
}
output {
  if [type] == "linux" {
    elasticsearch {
      hosts => [ "192.168.1.3:9200" ]
      index => "linux-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      flush_size => 20000
      idle_flush_time => 10
      template_overwrite => true
    }
  } else if [type] == "api" {
    elasticsearch {
      hosts => [ "192.168.1.3:9200" ]
      index => "api-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      flush_size => 20000
      idle_flush_time => 10
      template_overwrite => true
    }
  }
  stdout { codec => rubydebug }
}
Everything starts up successfully with these configuration files,
but when I check on redis, no logs have arrived:
127.0.0.1:6379> auth 123456
OK
127.0.0.1:6379> llen "linux"
(integer) 0
127.0.0.1:6379> llen "api"
(integer) 0
127.0.0.1:6379>
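A wiring check over the settings posted above, added here as an example and not part of the original post: it compares the port filebeat ships to with the port the beats input listens on, the redis key written with the key read, and the keys queried with LLEN. The config strings are trimmed copies of the posted values; the helper names (`block`, `setting`, `check_wiring`) are hypothetical.

```python
import re

# Constructed input: only the settings being compared, values as posted above.
FILEBEAT = 'output.logstash:\n  hosts: ["192.168.1.3:5044"]\n'
SHIPPER = '''
input { beats { port => "5043" } }
output { redis { host => "192.168.1.3" port => 6379 data_type => "list" key => "logstash:redis" } }
'''
INDEXER = '''
input { redis { data_type => "list" key => "logstash:redis" host => "192.168.1.3" port => 6379 } }
'''
QUERIED_KEYS = ["linux", "api"]  # keys passed to LLEN in the redis-cli session


def block(conf, section, plugin):
    """Body of `plugin { ... }` inside `section { ... }` (flat plugin blocks only)."""
    m = re.search(section + r"\s*\{.*?" + plugin + r"\s*\{([^{}]*)\}", conf, re.S)
    return m.group(1) if m else ""


def setting(body, name):
    """Value of `name => value`, with surrounding quotes stripped."""
    m = re.search(r"\b" + name + r'\s*=>\s*"?([^"\s]+)"?', body)
    return m.group(1) if m else None


def check_wiring():
    findings = []
    beats_port = setting(block(SHIPPER, "input", "beats"), "port")
    for port in re.findall(r'hosts:\s*\[\s*"[^":]+:(\d+)"', FILEBEAT):
        if port != beats_port:
            findings.append(f"filebeat ships to port {port}, beats input listens on {beats_port}")
    out_key = setting(block(SHIPPER, "output", "redis"), "key")
    in_key = setting(block(INDEXER, "input", "redis"), "key")
    if out_key != in_key:
        findings.append(f"redis output writes {out_key!r}, redis input reads {in_key!r}")
    for key in QUERIED_KEYS:
        if key != out_key:
            findings.append(f"LLEN {key!r} queries a key no output writes; the list is {out_key!r}")
    return findings


if __name__ == "__main__":
    for finding in check_wiring():
        print("MISMATCH:", finding)
```

Even with the wiring aligned, LLEN on the list can read 0 while the second pipeline is running, because the redis input pops entries as it consumes them. The `stdout { codec => rubydebug }` output on the first pipeline shows whether events reach logstash at all.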