本文共 1283 字,大约阅读时间需要 4 分钟。
转载地址:
filebeat 一个ELK架构中,专门用来收集数据的插件
官网:
filebeat安装很简单,推荐使用tar包下载,解压
配置文件需要放置在一个专门的目录中
shipper: name: 147240-filebeat-1 queue_size: 1000filebeat: spool_size: 2048 idle_timeout: 2s registry_file: /data/logs/filebeat/filebeat-1/.filebeat #存储偏移量文件 publish_async: false #异步推送 prospectors: - paths: - /data/logs/tomcat/aa-am.log #定义被收集的日志的路径 document_type: logs #文档乐行 ignore_older: 24h # 忽略24小时之前的日志 close_older: 1h scan_frequency: 10s # 10秒扫描一次文件 tail_files: true force_close_files: true fields_under_root: true fields: #定义收集的日志特有属性 app: sam server: tomcat ver: 1 hostip: 127.0.0.1 logname: test-am module: dm assigner: DongBo logid: 1476203703774 multiline: pattern: '^[[:space:]]+|^Caused by:' negate: false match: after max_lines: 500output.kafka: # 将收集到的日志推送到kafka中 hosts: ["kafkahost:port1","kafkahost:port2"] topic: business #定义topic key: business partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000logging: # filebeat自身打印日志 level: info to_files: true to_syslog: false files: path: /data/logs/filebeat/filebeat-1 rotateeverybytes: 104857600 name: filebeat.log keepfiles: 7