logstash Windows 2012 R2上的文件节拍

4xrmg8kj 于 2023-01-07 发布在 Logstash

关注(0)|答案(1)|浏览(237)

我正在使用Filebeat〉Logstash〉Elasticsearch〉Kibana来解析和分析日志，基本上是Java堆栈跟踪和其他日志。
这里是用于Filebeat的YML

filebeat:
  prospectors:
    -
      paths:
        - C:\logs\OCR\example.log
      input_type: log
      #document_type: UAT_EXAMPLE
      exclude_lines: [".+DEBUG"]
      multiline:
         pattern: ".+(ERROR|INFO)"
         negate: true
         match: after
      fields:
         app_name: EXAMPLE_APP
         environment: UAT
      fields_under_root: true
      #force_close_files: true
      spool_size: 2048
      #publish_async: true
      #scan_frequency: 10s
      #close_older: 2h

output:
  logstash:
    host: "10.0.64.14"
    port: 5044
    index: filebeat
    timeout: 5
    reconnect_interval: 3
    bulk_max_size: 2048

shipper:
 tags: ["ABC_Engine", "UAT_EXAMPLE"]
 queue_size: 1000

###  Enable logging of the filebeat
logging:
  level: warning
  to_files: true
  files:
    path: c:\logs\
    name: mybeat.log
    rotateeverybytes: 20485760 # = 20MB
    keepfiles: 7

启用filebeat的日志记录在windows上也不起作用。如果我在这里遗漏了什么，请告诉我。

logging:
   level: warning
   to_files: true
   files:
      path: c:\logs\
      name: mybeat.log
      rotateeverybytes: 20485760 # = 20MB
      keepfiles: 7

问题-Filebeat有时无法将日志发送到logstash，有时它开始运行运输，但有时它没有。虽然如果我使用“test.log”作为探矿者，并通过以下配置将日志保存在本地磁盘上，它工作得很好。
正在将文件写入本地文件以检查输出。我已经逐一尝试了“file”输出和“logstash”输出。

output:
file:
path: c:\logs\
filename: filebeat
rotate_every_kb: 100000
number_of_files: 7

此外，当我使用命令行时，大多数东西都在运行：

.\filebeat.exe -c filebeat.yml -e -v

请协助正确配置Windows。
日志文件“example.log”每30 MB大小循环一次。
我不是很确定使用下面的属性，以及它们将如何在Windows上与Filebeat一起工作。
“关闭旧版本”“忽略旧版本”“日志记录”

logstash

来源：https://stackoverflow.com/questions/37673143/filebeat-on-windows-2012-r2

1条答案

按热度按时间

pbgvytdp1#

输出到logstash：
检索线
那么

logstash:
  # The Logstash hosts
   hosts: ["localhost:5044"]

保留[]
以及调试模式下的日志配置

logging:
# Send all logging output to syslog. On Windows default is false, otherwise
# default is true.
#to_syslog: true

# Write all logging output to files. Beats automatically rotate files if      rotateeverybytes
# limit is reached.
#to_files: false

# To enable logging to files, to_files option has to be set to true
 files:
# The directory where the log files will written to.
#path: /var/log/mybeat
path: c:\PROGRA~1/filebeat

# The name of the files where the logs are written to.
name: filebeat.log

# Configure log file size limit. If limit is reached, log file will be
# automatically rotated
rotateeverybytes: 10485760 # = 10MB

# Number of rotated log files to keep. Oldest files will be deleted first.
#keepfiles: 7

# Enable debug output for selected components. To enable all selectors use    ["*"]
# Other available selectors are beat, publish, service
# Multiple selectors can be chained.
#selectors: [ ]

# Sets log level. The default log level is error.
# Available log levels are: critical, error, warning, info, debug
 level: debug

LOGGING位于LOGGING部分，输出为logstash或ElasticSearch，如果您想知道是否可以作为服务安装，请访问elastic.co网站：
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html

赞(0）回复(0）举报 2023-01-07

我来回答

logstash Windows 2012 R2上的文件节拍

1条答案

相关问题

热门标签

最新问答