1.配置收集日志到logstash
[root@web01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enable: true
paths:
- /var/log/nginx/access.log
json.keys_under_root: true
json.overwrite_keys: true
output.logstash:
hosts: ["172.16.1.52:3456"]
#如果启动失败,查看日志,应该是172.16.1.52服务器的3456端口没有启动,需要先启动52的logstash
2.配置logstash收集日志到ES
[root@db02 ~]# vim /etc/logstash/conf.d/filebeat_logstash_es.conf
input {
beats {
port => 3456
codec => "json"
}
}
output {
elasticsearch {
hosts => ["10.0.0.51:9200"]
index => "nginx_filebeat_logstash_es"
}
}
3.查看es数据