前期博客
Filebeat的下载(图文讲解)
前提
Elasticsearch-2.4.3的下载(图文详解)
Elasticsearch-2.4.3的单节点安装(多种方式图文详解)
Elasticsearch-2.4.3的3节点安装(多种方式图文详解)
Logstash安装(图文详解)(多节点的ELK集群安装在一个节点就好)
Kibana安装(图文详解)(多节点的ELK集群安装在一个节点就好)
在此基础上,我们安装好ELK(Elasticsearch、Logstasg和kibana)之后,我们继续来安装,Filebeat。
Filebeat是轻量级的日志收集工具,使用go语言开发。
我这里的机器集群情况分别是:
HadoopMaster(192.168.80.10)、HadoopSlave1(192.168.80.11)和HadoopSlave2(192.168.80.12)。
1、上传elasticsearch-2.4.3.tar.gz压缩包
total 16828
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rz [hadoop@HadoopMaster app]$ ll
total 20512
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
-rw-r--r--. 1 hadoop hadoop 3768614 Feb 25 11:06 filebeat-1.3.1-x86_64.tar.gz
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$
2、解压缩filebeat-1.3.1-x86_64.tar.gz压缩包
total 20512
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
-rw-r--r--. 1 hadoop hadoop 3768614 Feb 25 11:06 filebeat-1.3.1-x86_64.tar.gz
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ tar -zxvf filebeat-1.3.1-x86_64.tar.gz
filebeat-1.3.1-x86_64/
filebeat-1.3.1-x86_64/filebeat
filebeat-1.3.1-x86_64/filebeat.template.json
filebeat-1.3.1-x86_64/filebeat.yml
[hadoop@HadoopMaster app]$ ll
total 20516
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Sep 15 2016 filebeat-1.3.1-x86_64
-rw-r--r--. 1 hadoop hadoop 3768614 Feb 25 11:06 filebeat-1.3.1-x86_64.tar.gz
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$
3、删除filebeat-1.3.1-x86_64.tar.gz压缩包和修改为hadoop权限。
[hadoop@HadoopMaster app]$ ll
total 20516
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Sep 15 2016 filebeat-1.3.1-x86_64
-rw-r--r--. 1 hadoop hadoop 3768614 Feb 25 11:06 filebeat-1.3.1-x86_64.tar.gz
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rm filebeat-1.3.1-x86_64.tar.gz
[hadoop@HadoopMaster app]$ ll
total 16832
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Sep 15 2016 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$
4、解读认识Filebeat的目录结构
这里,仅仅是在HadoopMaster安装,为例。
[hadoop@HadoopMaster app]$ cd filebeat-1.3.1-x86_64/
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ll
total 11116
-rwxr-xr-x. 1 hadoop hadoop 11354200 Sep 15 2016 filebeat
-rw-r--r--. 1 hadoop hadoop 814 Sep 15 2016 filebeat.template.json
-rw-r--r--. 1 hadoop hadoop 17212 Sep 15 2016 filebeat.yml
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$
5、修改filebeat.yml文件配置文件
filebeat.yml(中文配置详解)
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ vim filebeat.yml
默认,/var/log/*.log。即监控/var/log下这个目录里所有以.log结尾的文件。
同时,比如配置的如果是:
则只会去/var/log目录的所有子目录中寻找以”.log”结尾的文件,而不会寻找/var/log目录下以”.log”结尾的文件。
注意:
如果说,你收集的日志,不需做任何解析,则可以用Filebeat收集到es里。
因为,我这里是,请移步,
ELK之日志查询、收集与分析系统
采用的是,如下这么一个架构。
架构设计3:filebeat(1.3)(3台)-->redis-->logstash(parse)-->es集群-->kibana--ngix(可选) (我这里,目前为了学习,走这条线路)
所以,我这里就把默认的(filebeat收集后放到es里),给注销掉。以后自己可以改回来。
启动 filebeat
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ll
total 11116
-rwxr-xr-x. 1 hadoop hadoop 11354200 Sep 15 2016 filebeat
-rw-r--r--. 1 hadoop hadoop 814 Sep 15 2016 filebeat.template.json
-rw-r--r--. 1 hadoop hadoop 17212 Sep 15 2016 filebeat.yml
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ./filebeat -c filebeat.yml
初步修改好配置文件之后,我这里打开HadoopMaster(因为Filebeat安装在这台)的另一个窗口。
[hadoop@HadoopMaster ~]$ pwd
/home/hadoop
[hadoop@HadoopMaster ~]$ ll
total 40
drwxrwxr-x. 11 hadoop hadoop 4096 Mar 26 18:49 app
drwxrwxr-x. 7 hadoop hadoop 4096 Mar 25 06:34 data
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Desktop
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Documents
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Downloads
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Music
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Pictures
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Public
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Templates
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Videos
[hadoop@HadoopMaster ~]$ touch app.log
[hadoop@HadoopMaster ~]$ echo My name is zhouls >> app.log
[hadoop@HadoopMaster ~]$ more app.log
My name is zhouls
[hadoop@HadoopMaster ~]$
立马,对应这边,是
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ll
total 11116
-rwxr-xr-x. 1 hadoop hadoop 11354200 Sep 15 2016 filebeat
-rw-r--r--. 1 hadoop hadoop 814 Sep 15 2016 filebeat.template.json
-rw-r--r--. 1 hadoop hadoop 17218 Mar 26 19:58 filebeat.yml
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ./filebeat -c filebeat.yml
{"@timestamp":"2017-03-26T11:59:26.392Z",
"beat":{"hostname":"HadoopMaster","name":"HadoopMaster"},
"count":1,
"fields":null,
"input_type":"log",
"message":"My name is zhouls",
"offset":0,
"source":"/home/hadoop/app.log",
"type":"log"}
同时,继续等待下一个的数据收集,其实啊,功能类似与hadoop里的flume。这个很简单
若想,深入学习的,请移步,
http://www.cnblogs.com/zlslch/category/894300.html
filebeat的帮助命令
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ./filebeat -h
Usage of ./filebeat:
-N Disable actual publishing for testing
-c string
Configuration file (default "/home/hadoop/app/filebeat-1.3.1-x86_64/filebeat.yml")
-configtest
Test configuration and exit.
-cpuprofile string
Write cpu profile to file
-d string
Enable certain debug selectors
-e Log to stderr and disable syslog/file output
-httpprof string
Start pprof http server
-memprofile string
Write memory profile to this file
-v Log at INFO level
-version
Print version and exit
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$
filebeat的后台运行
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &
[1] 2697
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$
为了后期调试和排除问题方便。建议开启日志(可选)
去修改filebeat.yml配置文件Logging部分
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ll
total 11116
-rwxr-xr-x. 1 hadoop hadoop 11354200 Sep 15 2016 filebeat
-rw-r--r--. 1 hadoop hadoop 814 Sep 15 2016 filebeat.template.json
-rw-r--r--. 1 hadoop hadoop 17218 Mar 26 19:58 filebeat.yml
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ vim filebeat.yml
logging: logging: # Send all logging output to syslog. On Windows default is false, otherwise
# default is true.
to_syslog: false # Write all logging output to files. Beats automatically rotate files if rotateeverybytes
# limit is reached.
to_files: true # To enable logging to files, to_files option has to be set to true
files:
# The directory where the log files will written to.
path: /home/hadoop/mybeat (日志保存的目录) # The name of the files where the logs are written to.
name: mybeat (日志文件名) # Configure log file size limit. If limit is reached, log file will be
# automatically rotated
rotateeverybytes: 10485760 # = 10MB (当日志文件达到10M的时候会滚动生成一个新文件) # Number of rotated log files to keep. Oldest files will be deleted first.
keepfiles: 7 (文件保留时间 7天) # Enable debug output for selected components. To enable all selectors use ["*"]
# Other available selectors are beat, publish, service
# Multiple selectors can be chained.
#selectors: [ ] # Sets log level. The default log level is error.
# Available log levels are: critical, error, warning, info, debug
level: debug (在调试期间可以把日志级别调整为debug级别,正式运行的时候可以调整为info或者error级别)
然后,我们再次启动filebeat,来查看它的日志
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ pwd
/home/hadoop/app/filebeat-1.3.1-x86_64
[hadoop@HadoopMaster filebeat-1.3.1-x86_64]$ ./filebeat -c filebeat.yml
[hadoop@HadoopMaster ~]$ pwd
/home/hadoop
[hadoop@HadoopMaster ~]$ ll
total 44
drwxrwxr-x. 11 hadoop hadoop 4096 Mar 26 18:49 app
-rw-rw-r--. 1 hadoop hadoop 18 Mar 26 19:59 app.log
drwxrwxr-x. 7 hadoop hadoop 4096 Mar 25 06:34 data
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Desktop
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Documents
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Downloads
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Music
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Pictures
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Public
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Templates
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Videos
[hadoop@HadoopMaster ~]$ ll
total 48
drwxrwxr-x. 11 hadoop hadoop 4096 Mar 26 18:49 app
-rw-rw-r--. 1 hadoop hadoop 18 Mar 26 19:59 app.log
drwxrwxr-x. 7 hadoop hadoop 4096 Mar 25 06:34 data
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Desktop
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Documents
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Downloads
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Music
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 26 20:35 mybeat
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Pictures
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Public
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Templates
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Videos
[hadoop@HadoopMaster ~]$
[hadoop@HadoopMaster mybeat]$ pwd
/home/hadoop/mybeat
[hadoop@HadoopMaster mybeat]$ ll
total 12
-rw-rw-r--. 1 hadoop hadoop 9497 Mar 26 20:37 mybeat
[hadoop@HadoopMaster mybeat]$ more mybeat
2017-03-26T20:35:42+08:00 DBG Disable stderr logging
2017-03-26T20:35:42+08:00 DBG Initializing output plugins
2017-03-26T20:35:42+08:00 INFO GeoIP disabled: No paths were set under output.geoip.paths
2017-03-26T20:35:42+08:00 INFO Activated console as output plugin.
2017-03-26T20:35:42+08:00 DBG Create output worker
2017-03-26T20:35:42+08:00 DBG No output is defined to store the topology. The server fields might not be filled.
2017-03-26T20:35:42+08:00 INFO Publisher name: HadoopMaster
2017-03-26T20:35:42+08:00 INFO Flush Interval set to: 1s
2017-03-26T20:35:42+08:00 INFO Max Bulk Size set to: 2048
2017-03-26T20:35:42+08:00 DBG create bulk processing worker (interval=1s, bulk size=2048)
2017-03-26T20:35:42+08:00 INFO Init Beat: filebeat; Version: 1.3.1
2017-03-26T20:35:42+08:00 INFO filebeat sucessfully setup. Start running.
2017-03-26T20:35:42+08:00 INFO Registry file set to: /home/hadoop/app/filebeat-1.3.1-x86_64/.filebeat
2017-03-26T20:35:42+08:00 INFO Loading registrar data from /home/hadoop/app/filebeat-1.3.1-x86_64/.filebeat
2017-03-26T20:35:42+08:00 DBG Set idleTimeoutDuration to 5s
2017-03-26T20:35:42+08:00 DBG File Configs: [/home/hadoop/app.log]
2017-03-26T20:35:42+08:00 INFO Set ignore_older duration to 0s
2017-03-26T20:35:42+08:00 INFO Set close_older duration to 1h0m0s
2017-03-26T20:35:42+08:00 INFO Set scan_frequency duration to 10s
2017-03-26T20:35:42+08:00 INFO Input type set to: log
2017-03-26T20:35:42+08:00 INFO Set backoff duration to 1s
2017-03-26T20:35:42+08:00 INFO Set max_backoff duration to 10s
2017-03-26T20:35:42+08:00 INFO force_close_file is disabled
2017-03-26T20:35:42+08:00 DBG Waiting for 1 prospectors to initialise
2017-03-26T20:35:42+08:00 INFO Starting prospector of type: log
2017-03-26T20:35:42+08:00 DBG exclude_files: []
2017-03-26T20:35:42+08:00 DBG scan path /home/hadoop/app.log
扩展延伸(进一步建议学习,更贴近生产)
Filebeat之input和output(包含Elasticsearch Output 、Logstash Output、 Redis Output、 File Output和 Console Output)
