filebeat

logstash 從redis中取日誌存到elasticsearch

input{
  redis{
    data_type => "list"
    host => "192.168.56.11"
    db = "1"
    port => "6379"  
    password => "123456"
    key => "rsyslog-5612"
  }
}

output{
  elasticsearch{
    hosts => "[192.168.56.11:9200]"
    index => "redis-rsyslog-5612"
  }
}


filebeat 
filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    - /var/log/messages      #配置收集的日誌路徑
  exclude_lines: ['^DBG',"^$"]     #排除以DBG開頭和空行
  document_type: filesystem-log-5612    #設置類型
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
output.file:     #輸出到文件
  path: "/tmp"
  filename: "filebeat.txt" 



filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
    - /var/log/messages            #配置收集的日誌路徑
  exclude_lines: ['^DBG',"^$"]     #排除以DBG開頭和空行
  document_type: filesystem-log-5612    #設置類型

output.file:                                  #輸出到文件
  path: "/tmp"
  filename: "filebeat.txt" 

output.redis:                              #輸出到redis
  hosts: "192.168.56.12"
  db: "2"
  port: "6379"
  password: "123456"
  key: "filesystem-log-5612"