nohup ./filebeat -e -c filebeat.yml > filebeat.out &
tail -f filebeat.out
cd /etc/logstash/conf.d
vim kafka.conf
input {
kafka {
bootstrap_servers => "192.168.233.10:9092,192.168.233.20:9092,192.168.233.30:9092"
topics => "nginx"
type => "nginx_kafka"
codec => "json"
auto_offset_reset => "earliest"
decorate_events => true
}
}
output {
if "nginx" in [tags] {
elasticsearch {
hosts => ["192.168.233.12:9200","192.168.233.13:9200"]
index => "%{[fields][service_name]-%{+YYYY.MM.dd}}"
}
}
}
wqcodec => "json" 解析json格式的代码 auto_offset_reset => "earliest" 从头拉去,latest decorate_events => true 传递给es实例中的信息包含kafka的属性数据
test2
