# 安装 filebeat
下载
bash
cd /chz/install/filebeat
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.13.4-linux-x86_64.tar.gz解压
bash
tar zxvf filebeat-8.13.4-linux-x86_64.tar.gz修改配置文件
bash
cd /chz/install/filebeat/filebeat-8.13.4-linux-x86_64
vim filebeat.yml
<<<<
filebeat.inputs:
- type: filestream
id: my-filestream-id
enabled: true
paths:
- /chz/install/elk/logs/*.log
# 将文件里面原有的output相关的内容删除,然后添加以下内容
output.kafka:
hosts: ["192.168.44.228:9092"]
topic: upload_from_filebeat
>>>>启动filebeat
bash
./filebeat -e --strict.perms=false# 测试
进入filebeat扫描日志的目录
bash
cd /chz/install/elk/logs往日志文件里面写入一点数据
bash
echo "chz ::: $(date -R)" >> a.log
echo "chz ::: $(date -R)" >> a.log
echo "chz ::: $(date -R)" >> a.log看下之前已经准备好的kafka consumer是否收到了数据
从截图里面可以看出日志数据已经被消费到了