Filebeat在Windows 2012 R2

Question

我使用Filebeat> Logstash> Elasticsearch> Kibana解析和分析日誌基本的Java堆棧跟蹤和其他記錄。

這裏是陽明爲Filebeat

filebeat: 
    prospectors: 
    - 
     paths: 
     - C:\logs\OCR\example.log 
     input_type: log 
     #document_type: UAT_EXAMPLE 
     exclude_lines: [".+DEBUG"] 
     multiline: 
     pattern: ".+(ERROR|INFO)" 
     negate: true 
     match: after 
     fields: 
     app_name: EXAMPLE_APP 
     environment: UAT 
     fields_under_root: true 
     #force_close_files: true 
     spool_size: 2048 
     #publish_async: true 
     #scan_frequency: 10s 
     #close_older: 2h 

output: 
    logstash: 
    host: "10.0.64.14" 
    port: 5044 
    index: filebeat 
    timeout: 5 
    reconnect_interval: 3 
    bulk_max_size: 2048 

shipper: 
tags: ["ABC_Engine", "UAT_EXAMPLE"] 
queue_size: 1000 

### Enable logging of the filebeat 
logging: 
    level: warning 
    to_files: true 
    files: 
    path: c:\logs\ 
    name: mybeat.log 
    rotateeverybytes: 20485760 # = 20MB 
    keepfiles: 7 

啓用filebeat的記錄也不會在Windows上工作。如果我在這裏丟失任何東西，請告訴我。

logging: 
    level: warning 
    to_files: true 
    files: 
     path: c:\logs\ 
     name: mybeat.log 
     rotateeverybytes: 20485760 # = 20MB 
     keepfiles: 7 

問題 - Filebeat不能發送日誌在次logstash，有時它開始運行航運但有時事實並非如此。 雖然如果我通過使用「test.log中」作爲探礦和日誌保存在本地磁盤上的配置如下它運作良好。

文件寫入本地文件，檢查輸出。我已經嘗試過「文件」輸出和「logstash」輸出一個接一個。

output: 
file: 
path: c:\logs\ 
filename: filebeat 
rotate_every_kb: 100000 
number_of_files: 7 

另外，當我使用命令行時，大多數情況下運行的東西。 ：

\ filebeat.exe -c filebeat.yml -e -v

與正確配置的Windows請協助。 日誌文件「example.log」在每30 MB的大小進行輪換。

我不是很確定使用下面的屬性以及它們將如何與Filebeat在Windows上運行。

「close_older」 「ignore_older」 「記錄」

Answer 1

輸出到logstash：

評論elasticsearch線

然後

logstash: 
    # The Logstash hosts 
    hosts: ["localhost:5044"] 

保持[]

和config fo r記錄在調試模式例如

logging: 
# Send all logging output to syslog. On Windows default is false, otherwise 
# default is true. 
#to_syslog: true 

# Write all logging output to files. Beats automatically rotate files if  rotateeverybytes 
# limit is reached. 
#to_files: false 

# To enable logging to files, to_files option has to be set to true 
files: 
# The directory where the log files will written to. 
#path: /var/log/mybeat 
path: c:\PROGRA~1/filebeat 

# The name of the files where the logs are written to. 
name: filebeat.log 

# Configure log file size limit. If limit is reached, log file will be 
# automatically rotated 
rotateeverybytes: 10485760 # = 10MB 

# Number of rotated log files to keep. Oldest files will be deleted first. 
#keepfiles: 7 

# Enable debug output for selected components. To enable all selectors use ["*"] 
# Other available selectors are beat, publish, service 
# Multiple selectors can be chained. 
#selectors: [ ] 

# Sets log level. The default log level is error. 
# Available log levels are: critical, error, warning, info, debug 
level: debug 

日誌是在登錄部分，輸出logstash或彈性的搜索，如果你想知道你可以安裝爲服務轉到elastic.co網站：

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html