ES01# FileBeat与Elasticsearch集成

// 下载地址 本文为Elasticsearch 7.10.2
https://www.elastic.co/cn/downloads/past-releases#elasticsearch

https://www.elastic.co/guide/en/elasticsearch/reference/7.10/targz.html

bin/elasticsearch -h
Option                Description                                               
------                -----------                                               
-E <KeyValuePair>     Configure a setting                                       
-V, --version         Prints Elasticsearch version information and exits        
-d, --daemonize       Starts Elasticsearch in the background                    
-h, --help            Show help                                                 
-p, --pidfile <Path>  Creates a pid file in the specified path on start         
-q, --quiet           Turns off standard output/error streams logging in console
-s, --silent          Show minimal output                                       
-v, --verbose         Show verbose output  

bin/elasticsearch -d -Ecluster.name=melon_cluster -Enode.name=node_1  -Epath.data=node1_data

bin/elasticsearch -d -Ecluster.name=melon_cluster -Enode.name=node_2  -Epath.data=node2_data

bin/elasticsearch -d -Ecluster.name=melon_cluster -Enode.name=node_3  -Epath.data=node3_data

curl http://localhost:9200/_cat/nodes
127.0.0.1 33 100 30 4.40   cdhilmrstw * node_1
127.0.0.1 22 100 30 4.40   cdhilmrstw - node_3
127.0.0.1 24 100 30 4.40   cdhilmrstw - node_2

curl http://localhost:9200/_cluster/health
{
    "cluster_name":"melon_cluster",
    "status":"green",
    "timed_out":false,
    "number_of_nodes":3,
    "number_of_data_nodes":3,
    "active_primary_shards":0,
    "active_shards":0,
    "relocating_shards":0,
    "initializing_shards":0,
    "unassigned_shards":0,
    "delayed_unassigned_shards":0,
    "number_of_pending_tasks":0,
    "number_of_in_flight_fetch":0,
    "task_max_waiting_in_queue_millis":0,
    "active_shards_percent_as_number":100
}

// 下载地址， 本文为 Kibana 7.10.2
https://www.elastic.co/cn/downloads/past-releases#kibana

bin/kibana
...
log   [14:08:09.911] [info][plugins][watcher] Your basic license does not support watcher. Please upgrade your license.
log   [14:08:09.915] [info][kibana-monitoring][monitoring][monitoring][plugins] Starting monitoring stats collection
log   [14:08:10.984] [info][listening] Server running at http://localhost:5601
log   [14:08:11.936] [info][server][Kibana][http] http server running at http://localhost:5601
...

本文以Filebeat 7.15.2为例
https://www.elastic.co/cn/downloads/past-releases#filebeat

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html

type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /Users/admin/logs/csp/*.log
    
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: true

  # Period on which files under path should be checked for changes
  reload.period: 10s
 

setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "localhost:5601"

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

sudo chown root filebeat.yml
sudo filebeat -e