docker run -d \
--name=filebeat_7.14_0 \ #filebeat名称
--user=root \
--volume="/data/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml" \ #映射filebeat.yml配置
--volume="/data/filebeat/log:/usr/share/filebeat/log" \ #映射filebeat日志
--volume="/data/filebeat/data:/usr/share/filebeat/data" \ #映射filebeat数据
--volume="/data/log:/path/to/host/log" \ #映射主机的宿日志路径、很重要
docker.elastic.co/beats/filebeat:7.14.0 #filebeat版本
/data/filebeat:
root@xx filebeat\]# cat filebeat.yml filebeat.inputs: - type: log enabled: true paths: - /path/to/host/log/net/zb/10.1.1.1\* #真实宿主机路径是/data/log/net/zb/10.1.1.1\*的日志 fields: device_model: "test" kafka_topic: "测试-topic" #卡卡夫卡 topic #filebeat.config.modules: # path: ${path.config}/modules.d/\*.yml # reload.enabled: false #setup.template.settings: # index.number_of_shards: 1 #setup.template.enabled: true #setup.template.fields: fields.yml #setup.template.overwrite: true processors: - drop_fields: fields: \['agent', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host'
ignore_missing: false
output.kafka:
enabled: true
hosts: ["10.10.10.10:9092"] #输出到kafka中,写kafka的IP
topic: "%{[fields.kafka_topic]}"
compression: gzip
max_message_bytes: 1000000
python3测试有没有数据:
-*- coding: utf-8 -*-
import sys
import json
from kafka import KafkaConsumer #pip3 install kafka-python
for msg in KafkaConsumer('测试-topic',bootstrap_servers=['10.10.10.10:9092']):
jsonData = msg.value.decode('utf-8')
info = json.loads(jsonData)
print(info)