安装docker
略
创建目录和配置
mkdir -p /root/filebeat/log
mkdir -p /root/filebeat/config
cd /root/filebeat/config
vi /root/filebeat/config/filebeat.yml
filebeat.yml内容如下(根据实际情况配置)
#filebeat自身日志配置
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
# 日志输入配置(可配置多个)
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/test_dev/hello/log/app/*.log
tags: ["gateway"]
fields:
server: 192.168.130.21 #自定义字段,用来区分的
fields_under_root: true
#日志输出配置
output.kafka:
enabled: true
hosts: ["192.168.130.20:9092","192.168.130.19:9092","192.168.130.21:9092"]
topic: "hello-elk"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
启动
要收集的日志目录从外面挂进来
docker run -d --name filebeat \
-v /root/test_dev/: /var/log/test_dev \
-v /root/filebeat/log:/var/log/filebeat \
-v /root/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml \
elastic/filebeat:7.6.1 \