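1. Download Filebeat
In the ELK stack, Beats is the log-collection module, comparable to the various agents in a Grafana monitoring system. Beats comes in several kinds: Filebeat, Packetbeat and Metricbeat. This time we are only analyzing logs, so installing Filebeat is enough.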
# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-linux-x86_64.tar.gz
# tar -zxvf filebeat-6.5.4-linux-x86_64.tar.gz
2. Edit the filebeat.yml file
# vi filebeat.yml
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  enabled: true
  paths:
    - /usr/local/a2p/log/*.log
  encoding: utf-8
  # Note: document_type (here and in the second input) was removed in Filebeat 6.0;
  # on 6.x, tag events with a custom field under "fields" instead.
  document_type: sms_system_log
  # Lines that do not start with "20" are appended to the preceding event
  multiline.pattern: ^20
  multiline.negate: true
  multiline.match: after
- type: log
  enabled: true
  paths:
    - /usr/local/a2p/log/*.cdr.*
  encoding: utf-8
  document_type: sms_cdr
  multiline.pattern: ^20
  multiline.negate: true
  multiline.match: after
name: "HK_SMS_184"
#output.elasticsearch:   # must be commented out
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]   # must be commented out
output.logstash:
  # The Logstash hosts
  hosts: ["172.31.216.34:5044"]
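3. Start Filebeat
# more start.sh
#!/usr/bin/bash
# Resolve the directory this script lives in and run Filebeat from there,
# so ./filebeat and filebeat.yml are found regardless of the caller's cwd.
basepath=$(cd "$(dirname "$0")" && pwd)
cd "$basepath" || exit 1
nohup ./filebeat -c filebeat.yml -path.logs "$basepath/logs" &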
At this point the whole log monitoring platform is installed; later I will gradually look into how to use it better.
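
The multiline settings in step 2 (pattern ^20, negate: true, match: after) attach every line that does not start with "20" to the preceding event. The following is an added example, not part of the original post and not Filebeat's own code: it emulates that grouping in Python on constructed log lines (the log format and the stricter date pattern are assumptions) and shows that a continuation line which happens to begin with "20" is split off as a new event.

```python
import re

def group_multiline(lines, pattern=r"^20", negate=True):
    """Emulate Filebeat multiline grouping with match: after.

    negate=True: a line that does NOT match the pattern continues the event
    started by the most recent matching line.
    """
    rx = re.compile(pattern)
    events, current = [], None
    for line in lines:
        matched = rx.search(line) is not None
        continuation = (not matched) if negate else matched
        if continuation and current is not None:
            current.append(line)
        else:
            if current is not None:
                events.append("\n".join(current))
            current = [line]  # this line starts a new event
    if current is not None:
        events.append("\n".join(current))
    return events

# Constructed sample: a timestamped error followed by a stack trace.
SAMPLE = [
    "2019-01-10 12:00:01 INFO  submit ok msgid=1001",
    "2019-01-10 12:00:02 ERROR send failed msgid=1002",
    "java.net.SocketTimeoutException: connect timed out",
    "    at com.example.Sender.send(Sender.java:42)",
    "2019-01-10 12:00:03 INFO  submit ok msgid=1003",
]

# Constructed edge case: a continuation line that also begins with "20".
EDGE = [
    "2019-01-10 12:00:04 ERROR upstream rejected msgid=1004, detail follows",
    "200 bytes of response body dropped",
    "2019-01-10 12:00:05 INFO  submit ok msgid=1005",
]

# Assumed stricter pattern: a full yyyy-mm-dd date followed by a space.
STRICT = r"^\d{4}-\d{2}-\d{2} "

if __name__ == "__main__":
    for name, lines, pat in [("sample", SAMPLE, r"^20"),
                             ("edge ^20", EDGE, r"^20"),
                             ("edge strict", EDGE, STRICT)]:
        events = group_multiline(lines, pat)
        print(f"{name}: {len(events)} events")
        for e in events:
            print("  |", e.replace("\n", "\n  |   "))
```

Running candidate patterns against real lines from /usr/local/a2p/log/ this way, before starting Filebeat, shows whether stack traces and CDR records reach Logstash as whole events.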