To integrate Filebeat with the ELK (Elasticsearch, Logstash, Kibana) stack on Ubuntu, follow the steps below:
Install Java: Elasticsearch and Logstash require a Java runtime. You can install OpenJDK with the following commands:
sudo apt update
sudo apt install openjdk-11-jdk
Install Elasticsearch:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update && sudo apt install elasticsearch
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
Install Kibana: Kibana is served from the same Elastic APT repository, signed with the same GPG-KEY-elasticsearch key, that was added in the Elasticsearch step, so no additional key or source list is needed:
sudo apt update && sudo apt install kibana
sudo systemctl start kibana
sudo systemctl enable kibana
Install Logstash (optional): If you need Logstash to process logs, install it as follows. It also comes from the Elastic APT repository added in the Elasticsearch step:
sudo apt update && sudo apt install logstash
sudo systemctl start logstash
sudo systemctl enable logstash
Install Filebeat:
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.0-amd64.deb
sudo dpkg -i filebeat-7.10.0-amd64.deb
sudo systemctl start filebeat
sudo systemctl enable filebeat
Configure Filebeat:
Edit the Filebeat configuration file /etc/filebeat/filebeat.yml so that it points to your Logstash or Elasticsearch instance. For example, if you use Logstash:
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]
If you send directly to Elasticsearch instead (Filebeat accepts only one enabled output, so use one block or the other):
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
output.elasticsearch:
  hosts: ["localhost:9200"]
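A pre-flight check for the configuration step above, as an added example that is not part of the original page: it confirms that exactly one output is active (the packaged filebeat.yml ships with output.elasticsearch enabled, so adding output.logstash without commenting it out leaves two) and flags non-loopback hosts configured without any ssl settings. The function names are hypothetical, and the matching is grep-based line matching rather than a YAML parser.

```shell
#!/usr/bin/env bash
# Added example (not from the original page); helper names are hypothetical.
# Usage: source this file, then run:
#   check_filebeat_config /etc/filebeat/filebeat.yml

# Print the names of active (uncommented) top-level output.* sections.
active_outputs() {
    grep -E '^output\.[a-z_]+:' "$1" | sed -E 's/^output\.([a-z_]+):.*/\1/'
}

# Print every host on an uncommented "hosts:" line that is not loopback.
non_local_hosts() {
    grep -E '^[[:space:]]*hosts:' "$1" \
        | grep -oE '"[^"]+"' | tr -d '"' \
        | grep -vE '^(https?://)?(localhost|127\.0\.0\.1|\[::1\])(:[0-9]+)?$' \
        || true
}

# Return 0 if the file passes both checks, 1 otherwise; reasons go to stderr.
check_filebeat_config() {
    local file="$1" count remote rc=0

    # Filebeat accepts a single enabled output.
    count=$(active_outputs "$file" | wc -l)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 active output, found $count" >&2
        rc=1
    fi

    # Logs leaving the host should not travel in plaintext: require at
    # least one uncommented ssl setting (e.g. ssl.certificate_authorities)
    # when any host is not loopback. This is a coarse heuristic.
    remote=$(non_local_hosts "$file")
    if [ -n "$remote" ] && ! grep -qE '^[[:space:]]*ssl[.:]' "$file"; then
        echo "non-local hosts without ssl settings: $remote" >&2
        rc=1
    fi
    return "$rc"
}
```

Filebeat's own `filebeat test config` and `filebeat test output` subcommands then validate the syntax and the connection to the configured output.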
Verify the installation:
curl -X GET "localhost:9200"
curl -X GET "localhost:5601"
sudo filebeat modules enable system
sudo filebeat setup
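After following these steps, you should have Filebeat integrated with the ELK stack on Ubuntu. Remember to adjust the settings in the configuration files to match your actual requirements.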