需求:Windows dhcp日志需要实时传输到elk或者其他告警平台。
1、filebeat下载地址:https://www.elastic.co/cn/downloads/beats/filebeat
2、下载后解压后配置filebeat.yml文件,
3、README.md文件中有运行的操作方法:cmd上进入filebeat的目录下执行filebeat -c filebeat.yml -e即可运行。
Welcome to Filebeat 8.10.3
Filebeat sends log files to Logstash or directly to Elasticsearch.
Getting Started
To get started with Filebeat, you need to set up Elasticsearch on
your localhost first. After that, start Filebeat with:
./filebeat -c filebeat.yml -e
This will start Filebeat and send the data to your Elasticsearch
instance. To load the dashboards for Filebeat into Kibana, run:
./filebeat setup -e
For further steps visit the
Quick start(https://www.elastic.co/guide/en/beats/filebeat/8.10/filebeat-installation-configuration.html) guide.
Documentation
Visit Elastic.co Docs(https://www.elastic.co/guide/en/beats/filebeat/8.10/index.html)
for the full Filebeat documentation.
Release notes
https://www.elastic.co/guide/en/beats/libbeat/8.10/release-notes-8.10.3.html
#备注:遇到gbk的文件,在centos上乱码,可以filebeat转一下
filebeat.inputs:
- type: log
encoding: GB2312