使用elk+filebeat获取日志,filebeat连接logstatsh拒绝
filebeat的主部分配置文件:
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- type: log
# Change to true to enable this prospector configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /data/wwwlogs/access_nginx.log
tags: ["nginxaccess"]
- type: log
enabled: true
paths:
- /var/log/messages
tags: ["messages"]
logstatsh配置文件:
input {
beats {
port => "5044" #注意要和filebeat的输出端口一致
}
}
output {
stdout{
codec => "rubydebug"
}
if "nginxaccess" in [tags] {
elasticsearch {
hosts => [ "192.168.1.169:9200" ]
index => "nginx-%{+YYYY.MM.dd}"
}
}
if "messages" in [tags] {
elasticsearch {
hosts => [ "192.168.1.169:9200" ]
index => "messages-%{+YYYY.MM.dd}"
}
}
}
如果把filebeat和logstatsh改成下面这样的就没有问题
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- type: log
# Change to true to enable this prospector configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /data/wwwlogs/access_nginx.log
logstatsh配置文件:
input {
beats {
port => "5044" #注意要和filebeat的输出端口一致
}
}
output {
stdout{
codec => "rubydebug"
}
elasticsearch {
hosts => [ "192.168.1.169:9200" ]
index => "nginx-%{+YYYY.MM.dd}"
}
}
filebeat的主部分配置文件:
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- type: log
# Change to true to enable this prospector configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /data/wwwlogs/access_nginx.log
tags: ["nginxaccess"]
- type: log
enabled: true
paths:
- /var/log/messages
tags: ["messages"]
logstatsh配置文件:
input {
beats {
port => "5044" #注意要和filebeat的输出端口一致
}
}
output {
stdout{
codec => "rubydebug"
}
if "nginxaccess" in [tags] {
elasticsearch {
hosts => [ "192.168.1.169:9200" ]
index => "nginx-%{+YYYY.MM.dd}"
}
}
if "messages" in [tags] {
elasticsearch {
hosts => [ "192.168.1.169:9200" ]
index => "messages-%{+YYYY.MM.dd}"
}
}
}
如果把filebeat和logstatsh改成下面这样的就没有问题
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- type: log
# Change to true to enable this prospector configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /data/wwwlogs/access_nginx.log
logstatsh配置文件:
input {
beats {
port => "5044" #注意要和filebeat的输出端口一致
}
}
output {
stdout{
codec => "rubydebug"
}
elasticsearch {
hosts => [ "192.168.1.169:9200" ]
index => "nginx-%{+YYYY.MM.dd}"
}
}
0 个回复