提问要多花一点心思哦

使用elk+filebeat获取日志,filebeat连接logstatsh拒绝

Logstash | 作者 kimgshe | 发布于2018年04月28日 | 阅读数:3744

使用elk+filebeat获取日志,filebeat连接logstatsh拒绝
filebeat的主部分配置文件:
filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- type: log

  # Change to true to enable this prospector configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /data/wwwlogs/access_nginx.log
  tags: ["nginxaccess"]

- type: log
  enabled: true
  paths:
    - /var/log/messages
  tags: ["messages"]
 
logstatsh配置文件:
input {
  beats {
    port => "5044" #注意要和filebeat的输出端口一致
  }
}

output {
  stdout{
        codec => "rubydebug"
    }
  if "nginxaccess" in [tags] {
  elasticsearch {
        hosts => [ "192.168.1.169:9200" ]
        index => "nginx-%{+YYYY.MM.dd}"
    }
  }

  if "messages" in [tags] {
  elasticsearch {
        hosts => [ "192.168.1.169:9200" ]
        index => "messages-%{+YYYY.MM.dd}"
    }
  }
}
 
 
如果把filebeat和logstatsh改成下面这样的就没有问题

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- type: log

  # Change to true to enable this prospector configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /data/wwwlogs/access_nginx.log

logstatsh配置文件:
input {
  beats {
    port => "5044" #注意要和filebeat的输出端口一致
  }
}

output {
  stdout{
        codec => "rubydebug"
    }
  elasticsearch {
        hosts => [ "192.168.1.169:9200" ]
        index => "nginx-%{+YYYY.MM.dd}"
    }
}
 
已邀请:

要回复问题请先登录注册