我运行ELK和filebeat在两个不同的主机独立的docker-compose. yml。但是filebeat无法连接到logstash。在等待logstash管道启动之后,我可以正确地telnet到logstash telnet a.b.c.d 5044。
服务器端(a. b.c. d)
这是我的ELK堆栈文件。
version: '3.6'
services:
Elasticsearch:
image: elasticsearch:7.16.2
container_name: elasticsearch
restart: always
volumes:
- elastic_data:/usr/share/elasticsearch/data/
environment:
ES_JAVA_OPTS: "-Xmx256m -Xms256m"
discovery.type: single-node
xpack.security.enabled: false
ports:
- '9200:9200'
- '9300:9300'
Logstash:
image: logstash:7.16.2
container_name: logstash
restart: always
volumes:
- ./logstash/:/logstash_dir
command: logstash -f /logstash_dir/logstash.conf
depends_on:
- Elasticsearch
ports:
- '9600:9600'
- '5044:5044'
environment:
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
Kibana:
image: kibana:7.16.2
container_name: kibana
restart: always
ports:
- '5601:5601'
environment:
- ELASTICSEARCH_URL=http://elasticsearch:9200
depends_on:
- Elasticsearch
volumes:
elastic_data: {}字符串
这是我的logstash.conf
input{
beats{
port => "5044"
}
}
output{
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "logstash-2023.07.25-000001"
}
}型
客户端(e.f.g.h)
version: "2.4"
services:
filebeat:
image: docker.elastic.co/beats/filebeat:8.0.1
build: filebeat
container_name: filebeat
user: root
restart: unless-stopped
labels:
co.elastic.logs/enabled: "false"
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
- type: bind
source: /var/lib/docker
target: /var/lib/docker
configs:
fb_config:
file: /mnt1/filebeat/config/filebeat.yml型
这是我的filebeat.yml
filebeat.inputs:
- type: container
enabled: true
paths:
- '/var/lib/docker/containers/*/*.log'
output.logstash:
hosts: ["a.b.c.d:5044"]型
有没有人可以帮助我,我如何通过filebeat将我的日志推送到logstash?
1条答案
按热度按时间ds97pgxw1#
已通过更新filebeat配置的装载解决此问题
更新filebeat docker-compose
字符串