Filebeat 部署1. 简介 Filebeat是一个轻量级的日志收集工具，安装在客户端，资源消耗少。Filebeat

1. 简介

Filebeat是一个轻量级的日志收集工具，安装在客户端，资源消耗少。Filebeat监控并收集指定路径下的日志文件信息，并将收集到的日志数据发送到Elasticsearch或者Logstash。

2. 架构

3. 部署

3.1. 下载

$ https://mirrors.aliyun.com/elasticstack/yum/elastic-8.x/8.5.3/filebeat-8.5.3-x86_64.rpm

3.2. 安装

$ yum -y localinstall filebeat-8.5.3-x86_64.rpm

3.3. 配置


$ vim +25 /etc/filebeat/filebeat.yml

setup.ilm.enabled: false
setup.template.enabled: true
setup.template.name: "nginx-log"
setup.template.pattern: "nginx-log-*"
setup.template.overwrite: true

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/*.log

output.elasticsearch:
  hosts: ["http://172.16.8.128:5080"]
  timeout: 10
  path: "/api/default/"
  index: default
  username: "root@example.com"
  password: "a9CIZuMWEIzB7ytM"

3.4. 启动

$ systemctl daemon-reload

$ systemctl restart filebeat.service