Beats Basics 5

2022-02-11 16:33:33

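Viewing the information

`stdout {codec=>rubydebug}` was added to the logstash configuration to make it easy to watch events in the terminal (it is entirely unnecessary in real-world use). After a burst of scrolling output, it finally stopped.

A large amount of output in the following format was produced:
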
...
...
{
       "message" => "Dec 24 22:49:08 h102 filebeat[3383]: registrar.go:157: Registry file updated. 0 states written.",
      "@version" => "1",
    "@timestamp" => "2015-12-24T14:59:26.133Z",
          "beat" => {
        "hostname" => "h102.temp",
            "name" => "h102.temp"
    },
         "count" => 1,
        "fields" => nil,
    "input_type" => "log",
        "offset" => 246594,
        "source" => "/var/log/messages",
          "type" => "log",
          "host" => "h102.temp"
}
{
       "message" => "Dec 24 22:49:08 h102 filebeat[3383]: beat.go:143: Cleaning up filebeat before shutting down.",
      "@version" => "1",
    "@timestamp" => "2015-12-24T14:59:26.133Z",
          "beat" => {
        "hostname" => "h102.temp",
            "name" => "h102.temp"
    },
         "count" => 1,
        "fields" => nil,
    "input_type" => "log",
        "offset" => 246690,
        "source" => "/var/log/messages",
          "type" => "log",
          "host" => "h102.temp"
}
...
...

Now look at the information in ES:

[root@h102 ~]# curl localhost:9200/_cat/indices?v
health status index               pri rep docs.count docs.deleted store.size pri.store.size 
yellow open   logstash-2015.12.23   5   1        100            0    235.8kb        235.8kb 
yellow open   filebeat-2015.12.24   5   1       3175            0   1018.6kb       1018.6kb 
yellow open   logstash-2015.12.22   5   1         41            0    126.5kb        126.5kb 
yellow open   .kibana               1   1          2            0      8.3kb          8.3kb 
[root@h102 ~]# 

A filebeat-* index has been created, and it already holds a considerable number of documents.
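The same check can be scripted so that a missing or empty filebeat-* index is caught without reading the table by eye. This is an added example, not part of the original post; the function names `check_indices` and `sample_indices` are hypothetical, and the sample table is the output shown above, embedded so the script runs offline.

```shell
#!/bin/sh
# Added example: summarise `_cat/indices?v` output for one index prefix.
# check_indices PREFIX reads the table on stdin and prints
#   "<index count> <total docs> <comma-separated non-green indices, or ->"
# It returns 1 when no index matches or the matching indices hold no documents.
check_indices() {
    awk -v prefix="$1" '
        NR == 1 {                       # header row: locate columns by name
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        index($(col["index"]), prefix) == 1 {
            n++
            docs += $(col["docs.count"])
            if ($(col["health"]) != "green")
                bad = bad (bad == "" ? "" : ",") $(col["index"])
        }
        END {
            printf "%d %d %s\n", n, docs, (bad == "" ? "-" : bad)
            exit ((n == 0 || docs == 0) ? 1 : 0)
        }'
}

# Constructed sample: the table from this page, so the check runs offline.
sample_indices() {
    cat <<'EOF'
health status index               pri rep docs.count docs.deleted store.size pri.store.size
yellow open   logstash-2015.12.23   5   1        100            0    235.8kb        235.8kb
yellow open   filebeat-2015.12.24   5   1       3175            0   1018.6kb       1018.6kb
yellow open   logstash-2015.12.22   5   1         41            0    126.5kb        126.5kb
yellow open   .kibana               1   1          2            0      8.3kb          8.3kb
EOF
}

sample_indices | check_indices filebeat-
# Against a live node: curl -s 'localhost:9200/_cat/indices?v' | check_indices filebeat-
```

Every index is reported as non-green here because `yellow` means the primary shards are allocated but the replicas (`rep` = 1) are not, which is what a node with no second node to hold replicas produces.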

Next, simply import the template and the index pattern into Kibana, then select [filebeat-]YYYY.MM.DD as the default index, and you can view and search the data in the UI.


Command summary

  • curl -L -O https://download.elastic.co/beats/filebeat/filebeat-1.0.1-x86_64.rpm
  • sha1sum filebeat-1.0.1-x86_64.rpm
  • rpm -ivh filebeat-1.0.1-x86_64.rpm
  • tree /etc/filebeat/
  • vim /etc/filebeat/filebeat.yml
  • grep -v "#" /etc/filebeat/filebeat.yml | grep -v "^$"
  • curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json
  • /etc/init.d/filebeat start
  • ps -Lf 2852
  • ps -Lf 2853
  • pstree -ap 2852
  • /opt/logstash/bin/logstash -f logstash-filebeat-es-simple.conf -t
  • cat logstash-filebeat-es-simple.conf
  • /opt/logstash/bin/logstash -f logstash-filebeat-es-simple.conf
  • netstat -ant | grep 5044
  • lsof -i :5044
  • pstree -ap 3518
  • curl localhost:9200/_cat/indices?v
