Filebeat 安装、配置

最新推荐文章于 2024-01-14 19:09:32 发布

beyond_qjm

最新推荐文章于 2024-01-14 19:09:32 发布

阅读量7.6k

点赞数

CC 4.0 BY-SA版权

分类专栏： ELK 文章标签： Filebeat 安装

本文链接：https://blog.youkuaiyun.com/beyond_qjm/article/details/81944486

本文档详细介绍了Filebeat的安装步骤，包括从Elastic官方下载旧版本、解压到指定目录、配置filebeat.yml文件，以及如何启动和清除读取标记。在启动Filebeat后，若要从文件开头重新读取，需删除registry文件并重启服务。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

ELK实战：https://blog.youkuaiyun.com/beyond_qjm/article/details/81943187

一、下载

https://www.elastic.co/downloads/past-releases

https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.3-linux-x86.tar.gz

二、解压安装

安装目录

/opt

tar -xvf filebeat/filebeat-6.2.3-linux-x86.tar.gz

三、配置详解

配置文件（/opt/filebeat-6.2.3-linux-x86/filebeat.yml）

filebeat:
# List of prospectors to fetch data.
prospectors:
# Each - is a prospector. Below are the prospector specific configurations
-
# Paths that should be crawled and fetched. Glob based paths.
# To fetch all ".log" files from a specific level of subdirectories
# /var/log/*/*.log can be used.
# For each file found under this path, a harvester is started.
# Make sure not file is defined twice as this can lead to unexpected behaviour.
# 指定要监控的日志，可以指定具体得文件或者目录
paths:
- /var/log/*.log # 这是默认的，自行可以修改，比如可以放在 /logs/localhost_access_*
#- c:\programdata\elasticsearch\logs\*

# Configure the file encoding for reading files with international characters
# following the W3C recommendation for HTML5 (http://www.w3.org/TR/encoding).
# Some sample encodings:
# plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk,
# hz-gb-2312, euc-kr, euc-jp, iso-2022-jp, shift-jis, ...
# 指定被监控的文件的编码类型，使用plain和utf-8都是可以处理中文日志的
#encoding: plain

# Type of the files. Based on this the way the file is read is decided.
# The different types cannot be mixed in one prospector
#
# Possible options are:
# * log: Reads every line of the log file (default)
# * stdin: Reads the standard in
# 指定文件的输入类型log(默认)或者stdin
input_type: log

# Exclude lines. A list of regular expressions to match. It drops