filebeat+ELK+kafka集群搭建(二:filebeat部署)
安装部署filebeat
1.建立yum源
[root@filebeat ~]# vim /etc/yum.repos.d/filebeat.repo
[filebeat-5.x]
name=filebeat repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
2.修改配置文件
[root@filebeat ~]# vim /etc/filebeat/filebeat.yml
………………………………
#=========================== Filebeat prospectors =============================
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /var/log/zabbix/zabbix_server.log #日志文件路径
#- c:\programdata\elasticsearch\logs\*
………………………………………………
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch: #因为不输出到es,所以注释
# Array of hosts to connect to.
# hosts: ["localhost:9200"] #因为不输出到es,所以注释
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
output.kafka:
# The Logstash hosts
#kafka集群的IP地址+端口
hosts: ["192.168.205.155:9092","192.168.205.156:9092","192.168.205.157:9092"]
#kafka的一种主题
topic: 'credit'
注意:在filebeat 6.之后filebeat默认带输出到kafka的配置文件。更加方便(以后建议用6.版本的filebeat)**
3.启动并开机自启
[root@filebeat ~]# systemctl start filebeat
[root@filebeat ~]# systemctl enable filebeat
4.日志文件位置
/var/log/filebeat/filebeat
上一篇:filebeat+ELK+kafka集群搭建(一:简介)
下一篇:filebeat+ELK+kafka集群搭建(三:kafka集群部署)
转载请注明:SuperIT » filebeat+ELK+kafka集群搭建(二:filebeat部署)
