elk filebeat 日志管理系统

需要 filebeat 与es 版本号一致

1.elk的部署通过docker来实现的
docker run --name elk -p 5601:5601 -p 9200:9200 -p 5044:5044 -v /root/logs:/var/lib/elasticsearch --rm sebp/elk

2.使用filebeat 来收集日志信息给es
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.2.0-x86_64.rpm
rpm -ivh filebeat-7.2.0-x86_64.rpm

修改配置文件 /etc/filebeat/filebeat.yml

[root@localhost filebeat]# grep -vE “^$|#” /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
#默认没有启动，改成true
enabled: true
paths:
#需要收集的nginx日志文件
- /root/nginx-logs/.log
filebeat.config.modules:
path: ${path.config}/modules.d/.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
#指定es服务
hosts: [“192.168.5.33:9200”]
processors:

• add_host_metadata: ~
• add_cloud_metadata: ~

systemctl restart filebeat

3. 循环访问nginx
   for var in {1…10};
   do
   curl filebeat_ip
   done

4.查看index
[root@localhost filebeat]# curl -X GET “localhost:9200/_cat/indices?v”
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 w1CAntTKS-qcCCvmOUbVbA 1 0 50 0 928.9kb 928.9kb
green open .kibana_task_manager s1hg8iEfT7-cLuq8wPOhyw 1 0 2 0 13.5kb 13.5kb
green open kibana_sample_data_ecommerce qlfQDIWtQEK59oZ6qT6yTw 1 0 4675 0 4.8mb 4.8mb
yellow open filebeat-7.2.0-2019.08.15-000001 WcSVbtptRUG2SsIa9x5q9A 1 1 56 0 85.5kb 85.5kb

其中filebeat-7.2.0*收集nginx日志到es的记录

查看Kibana，就会看到收集的日志文件。