https://github.com/elastic/beats-dashboards


一、介绍

filebeat貌似功能笔logstash更好,是下一代的日志收集器。

topbeat定期收集系统信息如每个进程信息、负载、内存、磁盘等等,然后将数据发送到elasticsearch进行索引。

packetbeat可以分析某个时间段mysql或者mongodb的慢查询日志情况;还有I/O吞吐量;这个时间段内经常执行的查询语句,http访问情况等信息;然后将分析出来的结果以图表的形式展现出来。


二、需要的beats包

filebeat-1.2.3-x86_64.rpm

topbeat-1.2.2-x86_64.rpm

packetbeat-1.2.2-x86_64.rpm



三、安装beats


1、安装filebeat

[root@ossec-server ~]# rpm -ivh filebeat-1.2.3-x86_64.rpm 

warning: filebeat-1.2.3-x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID d88e42b4: NOKEY

Preparing...                ########################################### [100%]

   1:filebeat               ########################################### [100%]


[root@ossec-server ~]# curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json

{

  "acknowledged" : true

}



[root@ossec-server ~]# /etc/init.d/filebeat start

Stopping filebeat:                                         [FAILED]

Starting filebeat:                                         [  OK  ]



2、安装topbeat

[root@ossec-server ~]# rpm -ivh topbeat-1.2.2-x86_64.rpm 

Preparing...                ########################################### [100%]

package topbeat-1.2.2-1.x86_64 is already installed



[root@ossec-server ~]# curl -XPUT 'http://localhost:9200/_template/topbeat' -d@/etc/topbeat/topbeat.template.json

{"acknowledged":true}

[root@ossec-server ~]# /etc/init.d/topbeat start




3、安装packetbeat

[root@ossec-server ~]# rpm -ivh packetbeat-1.2.2-x86_64.rpm 

Preparing...                ########################################### [100%]

package packetbeat-1.2.2-1.x86_64 is already installed


[root@ossec-server ~]# curl -XPUT 'http://localhost:9200/_template/packetbeat' -d@/etc/packetbeat/packetbeat.template.json

{"acknowledged":true}


[root@ossec-server ~]# /etc/init.d/topbeat start

Starting topbeat:                                          [  OK  ]



4、安装dashboards

[root@ossec-server ~]# git clone https://github.com/elastic/beats-dashboards.git

Initialized empty Git repository in /root/beats-dashboards/.git/

remote: Counting objects: 1303, done.

remote: Total 1303 (delta 0), reused 0 (delta 0), pack-reused 1303

Receiving objects: 100% (1303/1303), 2.75 MiB | 152 KiB/s, done.

Resolving deltas: 100% (892/892), done.


[root@ossec-server ~]# cd beats-dashboards


[root@ossec-server beats-dashboards]# sh load.sh -url http://localhost:9200

Loading dashboards to http://localhost:9200 in .kibana

{"error":"IndexAlreadyExistsException[[.kibana] already exists]","status":400}{"acknowledged":true}Loading search Cache-transactions:

{"_index":".kibana","_type":"search","_id":"Cache-transactions","_version":1,"created":true}

Loading search DB-transactions:

{"_index":".kibana","_type":"search","_id":"DB-transactions","_version":1,"created":true}

Loading search Default-Search:

{"_index":".kibana","_type":"search","_id":"Default-Search","_version":1,"created":true}

Loading search Filesystem-stats:

{"_index":".kibana","_type":"search","_id":"Filesystem-stats","_version":1,"created":true}

Loading search HTTP-errors:

{"_index":".kibana","_type":"search","_id":"HTTP-errors","_version":1,"created":true}

Loading search MongoDB-errors:

{"_index":".kibana","_type":"search","_id":"MongoDB-errors","_version":1,"created":true}

Loading search MongoDB-transactions:

{"_index":".kibana","_type":"search","_id":"MongoDB-transactions","_version":1,"created":true}

Loading search MongoDB-transactions-with-write-concern-0:

{"_index":".kibana","_type":"search","_id":"MongoDB-transactions-with-write-concern-0","_version":1,"created":true}



5、添加beats索引