filebeat收集至es

下载安装包解压

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.8.1-linux-x86_64.tar.gz
tar xzvf filebeat-7.8.1-linux-x86_64.tar.gz

编辑配置文件

cat /data/app/filebeat/filebeat-7.8.1-linux-x86_64/filebeat.yml
filebeat.inputs:
- type: container
  enabled: true
  paths: '/var/lib/docker/containers/*/*.log'
#  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}'
#  multiline.match: after
#  multiline.negate: true
#  multiline.max_lines: 10000
#  json.keys_under_root: true
#  json.add_error_key: true
#  json.message_key: log

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false


output.elasticsearch:
  hosts: '192.168.101.80:9200'
  username: "elastic"
  password: "qvz6pguDN8FYcZSgslRA"
  index: "sit-carcharging-logs-%{+yyyy.MM.dd}"
setup.template.settings:
  index.number_of_shards: 1
setup.template.enabled: true
setup.template.name: "sit-car-charging-logs"
setup.template.pattern: "sit-car-charging-logs-*"
setup.ilm.enabled: false
setup.kibana:
setup.ilm.enabled: false
setup.ilm.rollover_alias: "sit-car-charging-logs"
setup.ilm.pattern: "{now/d}-000001"
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

添加systemd file

cat /usr/lib/systemd/system/filebeat.service
[Unit]
Description=Filebeat
Documentation=https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Wants=network-online.target
After=network-online.target

[Service]
User=root
Group=root
ExecStart=/data/app/filebeat/filebeat-7.8.1-linux-x86_64/filebeat -c /data/app/filebeat/filebeat-7.8.1-linux-x86_64/filebeat.yml
Restart=always

[Install]
WantedBy=multi-user.target

重载开机自启

systemctl daemon-reload
systemctl start filebeat
systemctl enable filebeat