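I am trying to get Filebeat to read JSON packets from log files in a specific directory and send them directly to Elasticsearch, without using Logstash. I started the Filebeat service, but the following message keeps showing in the PowerShell console: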
INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s
{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":359},"total":
{"ticks":718,"value":718},"user":{"ticks":359}},"handles":
{"open":238},"info":{"ephemeral_id":"da200c4c-dff4-4ff5-bdf2-
15048ef0d495","uptime":{"ms":150221}},"memstats":...
Can anyone help? The ELK stack is running in Docker, but it seems to work fine when I look it up in a browser at http://xxx.xxx.xxx.x:5601/.
The filebeat.yml configuration also seems correct:
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:\var\log\*
    #- c:\programdata\elasticsearch\logs\*
....
And the output configuration:
#============================= Filebeat modules===============
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false
  # Period on which files under path should be checked for changes
  #reload.period: 10s
#==================== Elasticsearch template setting #
setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.xxx.xxx.x:9200"]
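
Added example, not part of the original question: the "Non-zero metrics" line is Filebeat's periodic internal metrics report rather than an error, and its counters show whether a file is being harvested and whether the output acknowledged events. The sample lines are constructed, and the function names (`parse_metrics`, `counter`, `diagnose`) are hypothetical.

```python
import json

# Constructed sample lines in the shape of Filebeat's 30s metrics report
# (not copied from the post; only a few counters are included).
PREFIX = 'INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s '
SAMPLE_NO_HARVESTER = PREFIX + (
    '{"monitoring": {"metrics": {"beat": {"info": {"uptime": {"ms": 150221}}}}}}')
SAMPLE_SHIPPING = PREFIX + (
    '{"monitoring": {"metrics": {"filebeat": {"harvester": {"running": 1}}, '
    '"libbeat": {"output": {"events": {"acked": 12}}, '
    '"pipeline": {"events": {"published": 12}}}}}}')
SAMPLE_TRUNCATED = PREFIX + '{"monitoring": {"metrics": {"beat":{"cpu":...'

def parse_metrics(line):
    """Return the metrics dict from one metrics log line, or None."""
    start = line.find('{"monitoring"')
    if start == -1:
        return None
    try:
        return json.loads(line[start:])["monitoring"]["metrics"]
    except (ValueError, KeyError, TypeError):
        return None  # line was truncated or wrapped by the console

def counter(metrics, dotted_path):
    """Look up a nested counter; the report omits zero values, so default to 0."""
    node = metrics
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return 0
        node = node[key]
    return node

def diagnose(line):
    """Classify one reporting interval from its counters."""
    m = parse_metrics(line)
    if m is None:
        return "unparseable"
    running = counter(m, "filebeat.harvester.running")
    published = counter(m, "libbeat.pipeline.events.published")
    acked = counter(m, "libbeat.output.events.acked")
    failed = counter(m, "libbeat.output.events.failed")
    if failed > 0 or (published > 0 and acked == 0):
        return "output-problem"  # events were read but not acknowledged
    if published > 0:
        return "shipping"
    return "idle" if running > 0 else "no-harvester"
```

A "no-harvester" result over several intervals points at the input side (for example the `paths` glob matching no files) rather than at the Elasticsearch output.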