Ubuntu16.04安装Filebeat
Filebeat官方文档地址
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html
下载和安装
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.1-linux-x86_64.tar.gz
tar xzvf filebeat-7.3.1-linux-x86_64.tar.gz
编写filebeat.yml
启动
chmod go-w /home/lintong/software/apache/filebeat-7.3.1-linux-x86_64/filebeat.yml
./filebeat -e -c filebeat.yml
codec.format
codec.format:
string: '%{[@timestamp]} %{[message]}'
输出
2019-09-13T17:06:51.797Z 123123123123
codec.json
codec.json:
pretty: true
escape_html: false
输出
{
"@timestamp": "2019-09-13T09:08:49.590Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.3.1",
"topic": "thrift_json_source"
},
"host": {
"name": "lintong-B250M-DS3H"
},
"agent": {
"version": "7.3.1",
"type": "filebeat",
"ephemeral_id": "60b93a10-dcce-499b-ae81-0755bfc8bf5c",
"hostname": "lintong-B250M-DS3H",
"id": "6ebb0912-ffce-4ddd-9cc8-7bf624e62c78"
},
"ecs": {
"version": "1.0.1"
},
"message": "123123123123",
"log": {
"file": {
"path": "/home/lintong/下载/test.log"
},
"offset": 0
},
"input": {
"type": "log"
}
}
如果pretty是false将输出
{"@timestamp":"2019-09-13T09:10:50.164Z","@metadata":{"beat":"filebeat","type":"_doc","version":"7.3.1","topic":"thrift_json_source"},"log":{"file":{"path":"/home/lintong/下载/test.log"},"offset":0},"message":"123123123123","input":{"type":"log"},"ecs":{"version":"1.0.1"},"host":{"name":"lintong-B250M-DS3H"},"agent":{"type":"filebeat","ephemeral_id":"b26075f9-37f8-4d95-9341-fccc4504c1b5","hostname":"lintong-B250M-DS3H","id":"6ebb0912-ffce-4ddd-9cc8-7bf624e62c78","version":"7.3.1"}}
如果需要添加字段
paths:
- /home/lintong/下载/test.log
fields:
add_field: lintong
输出
{
"@timestamp": "2019-09-16T08:16:06.169Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.3.1",
"topic": "thrift_json_source"
},
"host": {
"name": "lintong-B250M-DS3H"
},
"log": {
"offset": 31,
"file": {
"path": "/home/lintong/下载/test.log"
}
},
"message": "33333333",
"input": {
"type": "log"
},
"fields": {
"add_field": "lintong"
},
"agent": {
"type": "filebeat",
"ephemeral_id": "c16102da-421d-4ff3-90ad-1737451a909d",
"hostname": "lintong-B250M-DS3H",
"id": "6ebb0912-ffce-4ddd-9cc8-7bf624e62c78",
"version": "7.3.1"
},
"ecs": {
"version": "1.0.1"
}
}
在codec.format中添加字段
codec.format:
string: '%{[@timestamp]} %{[fields.add_field]} %{[message]}'
输出
2019-09-16T16:18:34.048Z lintong 55555555
如果想添加的字段在json的顶层,就是不在fields字段下层
paths:
- /home/lintong/下载/test.log
fields:
add_field: lintong
fields_under_root: true
输出
{
"@timestamp": "2019-09-16T08:22:43.997Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.3.1",
"topic": "thrift_json_source"
},
"agent": {
"ephemeral_id": "d8e45d90-6434-4e0d-a6fc-74611b87cbd4",
"hostname": "lintong-B250M-DS3H",
"id": "6ebb0912-ffce-4ddd-9cc8-7bf624e62c78",
"version": "7.3.1",
"type": "filebeat"
},
"log": {
"offset": 58,
"file": {
"path": "/home/lintong/下载/test.log"
}
},
"message": "66666666",
"add_field": "lintong",
"input": {
"type": "log"
},
"ecs": {
"version": "1.0.1"
},
"host": {
"name": "lintong-B250M-DS3H"
}
}
如果要去掉不要的字段
参考:
https://studygolang.com/articles/10935
和
https://www.elastic.co/guide/en/beats/filebeat/current/drop-fields.html
比如
processors:
- drop_fields:
fields: ["host", "log", "input","ecs","agent"]
输出
{
"@timestamp": "2019-09-16T08:55:55.934Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.3.1",
"topic": "thrift_json_source"
},
"message": "33333333",
"add_field": "lintong"
}
其中@metadata和@timestamp不能在filebeat中去掉
Ubuntu16.04安装Filebeat的更多相关文章
- ubuntu16.04安装jdk,tomcat
ubuntu16.04安装jdk,tomcat 最近装了一下tomcat,网上的教程很多,我也试了很多次,但是有一些教程关于tomcat配置是错误的,让我走上了歧途.差点重装系统,还好王总及时出手帮助 ...
- Ubuntu16.04 安装openjdk-7-jdk
Ubuntu16.04 安装openjdk-7-jdk sudo apt-get install openjdk-7-jre 或者sudo apt-get install openjdk-7-jdk ...
- Ubuntu16.04安装GTK3主题:OSX-Arc
Ubuntu16.04安装GTK3主题:OSX-Arc GTK3主题:OSX-Arc描述: 前几个月,Gnome3.20升3.22的时候,出现了大量主题崩溃的现象,其中包括Arc.Flatabulou ...
- Ubuntu16.04安装opencv for python/c++
Ubuntu16.04安装opencv for python/c++ 网上关于opencv的安装已经有了不少资料,但是没有一篇资料能让我一次性安装成功,因此花费了大量时间去解决各种意外,希望这篇能给一 ...
- ubuntu16.04安装不上有道词典的解决办法
转自:http://www.linuxdiyf.com/linux/21143.html ubuntu16.04安装不上有道词典,提示: le@hu-pc:~/下载$ sudo dpkg -i you ...
- Ubuntu16.04安装mongodb
Ubuntu16.04安装mongodb copy from: http://blog.csdn.net/zhushh/article/details/52451441 1.导入软件源的公钥 sudo ...
- 【Tools】ubuntu16.04安装搜狗输入法
Ubuntu16,04 安装搜狗输入法 1.下载搜狗输入法的安装包 下载地址为:http://pinyin.sogou.com/linux/ 2.按键Ctr+Alt+T打开终端,输入以下命令切换到下载 ...
- Ubuntu16.04安装cuda9.0+cudnn7.0
Ubuntu16.04安装cuda9.0+cudnn7.0 这篇记录拖了好久,估计是去年6月份就已经安装过几遍,然后一方面因为俺比较懒,一方面后面没有经常在自己电脑上跑算法,比较少装cuda和cudn ...
- Ubuntu16.04安装TensorFlow及Mnist训练
版权声明:本文为博主原创文章,欢迎转载,并请注明出处.联系方式:460356155@qq.com TensorFlow是Google开发的开源的深度学习框架,也是当前使用最广泛的深度学习框架. 一.安 ...
随机推荐
- redis启动出现错误 can't chdir ...
启动redis出现以下错误:[15816] *********** # Can't chdir to ’**********‘ :No such file or directory 解决方法:手动创建 ...
- CF1200D 【White Lines】
退役快一年了之后又打了场紧张刺激的$CF$(斜眼笑) 然后发现$D$题和题解里的大众做法不太一样 (思路清奇) 题意不再赘述,我们可以看到这个题~~好做~~在只有一次擦除机会,尝试以此为突破口解决问题 ...
- 科xue上网工具
原来这样严格了吗 收藏一个工具列表: http://next.36kr.com/posts/collections/75
- 深入V8引擎-写在前面
这一篇不打算讲技术,聊点别的吧,写这个的原因主要是看到了我博客园的签名,开始这个最终源码系列前想说点什么. 转行前端(达成) 入行1年vue源码(达成).webpack源码(半达成) 入行2年争取读通 ...
- WPF MainWindow的TopMost,Resizemode
Topmost -[true,false] The default is false, but if set to true, your Window will stay on top of othe ...
- Bootstrap3-导航条
1. 定义导航条 <!-- 导航条 navbar --> <div class="navbar nav-bar-default"> <ul class ...
- python接收字符并回显
# -*- coding: utf-8 -* import serial import time # 打开串口 ser = serial.Serial("/dev/ttyAMA0" ...
- delphi 接口
第四章 接口 前不久,有位搞软件的朋友给我出了个谜语.谜面是“相亲”,让我猜一软件术语.我大约想了一分钟,猜 出谜底是“面向对象”.我觉得挺有趣,灵机一动想了一个谜语回敬他.谜面是“ ...
- 字符串替换replace方法
字符串替换replace方法: http://www.w3school.com.cn/jsref/jsref_replace.asp http://www.cnblogs.com/skywang/ar ...
- 联盟链IBM的超级账本Hyperledger Fabric框架,JP Morgan’s Quorum
联盟链IBM的超级账本Hyperledger Fabric框架,JP Morgan’s Quorum JP Morgan’s Quorum https://www.coindesk.com/jpmor ...