我已经将Logstash配置为直接选取文件(Gatling日志),使用自定义逻辑处理它们,然后发送到Elasticsearch。它工作正常。我现在正尝试设置Filebeat来将文件发送给它。
基础知识看起来很有效,因为我看到新的entires最终出现在Elasticsearch中,但它们看起来都错了。我的理论是Logstash配置为解析Gatling日志,但Filebeat不会直接发送日志,但是一些JSON或其他格式也包含元数据,而Logstash需要重新配置以解析它。
但是......如何找出Filebeat发送的内容?格式是否记录在哪里?
答案 0 :(得分:3)
将设置添加到filebeat.yml
您可以在路径中看到输出日志作为文件,以查看发生了什么。
output.file:
# Boolean flag to enable or disable the output module.
enabled: true
# Path to the directory where to save the generated files. The option is
# mandatory.
path: "your path"
# Name of the generated files. The default is `filebeat` and it generates
# files: `filebeat`, `filebeat.1`, `filebeat.2`, etc.
filename: filebeat
# Maximum size in kilobytes of each file. When this size is reached, and on
# every filebeat restart, the files are rotated. The default value is 10240
# kB.
#rotate_every_kb: 10000
# Maximum number of files under path. When this number of files is reached,
# the oldest file is deleted and the rest are shifted from last to first. The
# default is 7 files.
number_of_files: 7
如果您想查看网络设置
请添加设置以查看日志。
logging.level: warning
logging.to_files: true
logging.to_syslog: false
logging.files:
path: /var/log/mybeat
name: mybeat.log
keepfiles: 7