Configuring Filebeat

Filebeat modules provide a quick way for you to get started processing common log formats. They contain default configurations, Elasticsearch ingest node pipeline definitions, and Kibana dashboards to help you implement and deploy a log monitoring solution.

filebeat模块提供了一个快速方式以便你立即开启普通格式日志的处理。包括:

1,默认配置

2,Elasticsearch ingest node pipeline definitions

3,Kibana dashboards


Filebeat provides a few different ways to enable modules. You can:

1,Enable module configs in the modules.d directoryedit

2,Enable modules when you run Filebeatedit

3,Enable module configs in the filebeat.yml file

filebeat提供了三种不同方式去开启模块:


When you enable modules, you can also specify variable settings to change the default behavior of the modules, and you can specify advanced settings to override input settings.

当你开启模块的时候,你同时可以通过指定变量设置的方式去改变加载模块的默认行为,并且你可以明确设置高级配置来覆盖input settings.

Enable module configs in the modules.d directory


The modules.d directory contains default configurations for all the modules available in Filebeat. You can enable or disable specific module configurations under modules.d by running the modules enable or modules disable commands.

For example, to enable the apache2 and mysql configs in the modules.d directory, you use:

./filebeat modules enable apache2 mysql

Then when you run Filebeat, it loads the corresponding module configurations specified in the modules.d directory (for example, modules.d/apache2.yml and modules.d/mysql.yml).

To see a list of enabled and disabled modules, run:

./filebeat modules list

The default module configurations assume that the logs you’re harvesting are in the location expected for your OS and that the behavior of the module is appropriate for your environment. To change the default configurations, you need to specify variable settings. See Specify variable settings.


Enable modules when you run Filebeat


To enable specific modules when you run Filebeat at the command line, you can use the --modules flag. This approach works well when you’re getting started and want to specify different modules and settings each time you run Filebeat. Any modules specified at the command line will be loaded along with any modules that are enabled in the configuration file or modules.d directory. If there’s a conflict, the configuration specified at the command line is used.

The following example shows how to enable and run the nginx,mysql, and system modules.

./filebeat -e --modules nginx,mysql,system

The default module configurations assume that the logs you’re harvesting are in the location expected for your OS and that the behavior of the module is appropriate for your environment. To change the default configurations, you need to specify variable settings. See Specify variable settings.


Enable module configs in the filebeat.yml file

When possible, you should use the config files in the modules.d directory.

However, enabling modules directly in the config file is a practical approach if you have upgraded from a previous version of Filebeat and don’t want to move your module configs to the modules.d directory. You can continue to configure modules in the filebeat.yml file, but you won’t be able to use the modules command to enable and disable configurations because the command requires the modules.d layout.

To enable specific modules in the filebeat.yml config file, you can add entries to the filebeat.modules list. Each entry in the list begins with a dash (-) and is followed by settings for that module.

The following example shows a configuration that runs the nginx,mysql, and system modules.

filebeat.modules:
- module: nginx
- module: mysql
- module: system

The default module configurations assume that the logs you’re harvesting are in the location expected for your OS and that the behavior of the module is appropriate for your environment. To change the default configurations, you need to specify variable settings. See Specify variable settings.





你可能感兴趣的:(elastic,stack)