处理流程
-
input 输入
类型支持:log和stdin
-
filter 处理
input时处理 output前处理 – process include_lines exclude_linesexclude_files drop_evetdrop_fieldsdecode_json_fieldsinclude_fields -
output 输出
-
Console
-
Elasticsearch
-
Logstash
-
Kafka
-
Redis
-
File
…
-
调试
-
通过stdin收集日志
-
通过console输出结果
#=========================== Filebeat inputs ============================= # List of inputs to fetch data. filebeat.inputs: #----------------------------- Stdin input ------------------------------- # Configuration to use stdin input - type: stdin #----------------------------- Console output --------------------------------- output.console: # Boolean flag to enable or disable the output module. enabled: true # Configure JSON encoding codec.json: # Pretty-print JSON event pretty: true测试收集数据
[root@localhost fiebeat]# head -n 2 /elk/es-9200/logs/es-9200.log | ./filebeat -e -c elasticsearch.yml