filebeat->redis->logstash->elasticsearch
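Official download page: https://www.elastic.co/downloads/beats/filebeat
Filebeat is a lightweight, single-purpose log collection tool. It is used to collect logs on servers that do not have Java installed, and it can forward them to logstash, elasticsearch or redis for further processing.
1. Filebeat installation and configuration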
ip:10.0.0.33
cd /usr/local/src/
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.4.0-x86_64.rpm
grep -vE "#|^$" /etc/filebeat/filebeat.yml
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
    - /var/log/messages
  exclude_lines: ['^DBG',"^$"]
  document_type: filesystem-log-0033
output.file:
  path: "/tmp"
  filename: "filebeat.txt"
# exclude_lines: drop lines that start with DBG, and empty lines
# document_type: sets the type, which works like a tag attached to every log event
systemctl restart filebeat
echo "filebeat has been restarted" >> /var/log/messages
# read the event that filebeat wrote to its output file (output.file above)
tail -1 /tmp/filebeat.txt
{"@timestamp":"2019-02-09T12:15:58.454Z","beat":{"hostname":"linux-elk2","name":"linux-elk2","version":"5.4.0"},
"input_type":"log","message":"filebeat has been restarted","offset":130373,
"source":"/var/log/messages","type":"filesystem-log-0033"}
2. Configure filebeat to output to redis
cd /usr/local/redis/
vim redis.conf
bind 10.0.0.33
daemonize yes
save ""
#save 900 1
#save 300 10
#save 60 10000
requirepass 123456
# start redis
redis-server /usr/local/redis/redis.conf
vim /etc/filebeat/filebeat.yml
# change the output section
output.redis:
  hosts: "10.0.0.33"
  db: "2"
  port: "6379"
  password: "123456"
  key: "filesystem-log-0033"
systemctl restart filebeat
echo "123456" >> /var/log/messages
redis-cli -h 10.0.0.33 -a 123456

3. Configure logstash on the linux-elk1 node to fetch the data from redis
vim redis-logstash.conf
input {
  redis {
    data_type => "list"
    host => "10.0.0.33"
    db => "2"
    port => "6379"
    password => "123456"
    key => "filesystem-log-0033"
  }
}
output {
  if [type] == "filesystem-log-0033" {
    elasticsearch {
      hosts => ["10.0.0.22:9200"]
      index => "filesystem-log-0033-%{+YYYY.MM.dd}"
    }
  }
}
systemctl restart logstash
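At this point the data in redis on elk2 has been fetched by logstash on elk1 and stored in es.
4. Monitor the Redis queue length
# The default Python version on CentOS 7 is 2.7; pip can be installed with yum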
yum -y install python-pip
pip install redis
cat redis-test.py
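#!/usr/bin/env python
import redis

def redis_conn():
    # connect to db 2 on the redis node; the password is passed as a string
    pool = redis.ConnectionPool(host="10.0.0.33", port=6379, db=2, password="123456")
    conn = redis.Redis(connection_pool=pool)
    # LLEN returns the number of events still waiting in the list for logstash
    data = conn.llen('filesystem-log-0033')
    print(data)

redis_conn()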
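A fuller version of the check above, as an added example that is not part of the original post: it turns the LLEN value into Nagios-style exit codes, reads the password from the environment instead of the script, and reports an unreachable Redis as UNKNOWN. The thresholds, the REDIS_PASSWORD variable name and the FakeRedis stub are assumptions made for this example; because redis.conf sets save "", a queue that keeps growing holds events in memory only.

```python
#!/usr/bin/env python
"""Queue-depth check for the filebeat -> redis -> logstash pipeline (added example)."""
import os
import sys

# Nagios-style exit codes, understood by most monitoring agents.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

def check_queue(conn, key, warn=1000, crit=10000):
    """Return (exit_code, message) for the Redis list `key`.

    `conn` is any object with an llen() method, e.g. redis.Redis.
    The thresholds are assumed values; tune them to your log volume.
    """
    try:
        depth = conn.llen(key)
    except Exception as exc:  # connection refused, wrong password, wrong key type
        return UNKNOWN, "UNKNOWN - cannot read %s: %s" % (key, exc)
    if depth >= crit:
        return CRITICAL, "CRITICAL - %s holds %d events, logstash is not draining it" % (key, depth)
    if depth >= warn:
        return WARNING, "WARNING - %s holds %d events" % (key, depth)
    return OK, "OK - %s holds %d events" % (key, depth)

class FakeRedis(object):
    """Constructed stand-in so the check can be exercised without a server."""
    def __init__(self, depth=0, error=None):
        self.depth, self.error = depth, error

    def llen(self, key):
        if self.error is not None:
            raise self.error
        return self.depth

def main():
    import redis  # imported here so check_queue() can be tested without redis-py
    conn = redis.Redis(host="10.0.0.33", port=6379, db=2,
                       password=os.environ["REDIS_PASSWORD"],  # assumed variable name
                       socket_timeout=3)
    code, message = check_queue(conn, "filesystem-log-0033")
    print(message)
    return code

if __name__ == "__main__":
    sys.exit(main())
```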
Using filebeat instead of logstash to collect logs: http://blog.51cto.com/jinlong/2056598
