Filebeat>是否可以通过Filebeat在没有Logstash的情况下将数据发送到Elasticsearch
[英]Filebeat > is it possible to send data to Elasticsearch by means of Filebeat without Logstash
问题描述
I am a newbie of ELK. 
我是ELK的新手。 I installed first Elasticsearch and Filebeat without Logstash, and I would like to send data from Filebeat to Elasticsearch. 我安装了第一个没有Logstash的Elasticsearch和Filebeat,我想将数据从Filebeat发送到Elasticsearch。 After I installed the Filebeat and configured the log files and Elasticsearch host, I started the Filebeat, but then nothing happened even though there are lots of rows in the log files, which Filebeats prospects. 在我安装了Filebeat并配置了日志文件和Elasticsearch主机之后,我启动了Filebeat,但是即使日志文件中有很多行,Filebeats的前景也没有发生任何事情。
So is it possible to forward log data directly to Elasticsearch host without Logstash at all? 那么是否可以在没有Logstash的情况下将日志数据直接转发到Elasticsearch主机? I 一世
1 个解决方案
解决方案1
1 已采纳 2016-04-25 10:58:57
It looks like your ES 2.3.1 is only configured to be reachable from localhost (default since ES 2.0) 看起来您的ES 2.3.1仅配置为可从localhost访问(默认自ES 2.0)
You need to modify your elasticsearch.yml file with this and restart ES: 您需要使用此修改elasticsearch.yml文件并重新启动ES:
network.host: 168.17.0.100
Then your filebeat output configuration needs to look like this: 然后你的filebeat输出配置需要如下所示:
output:
elasticsearch:
hosts: ["168.17.0.100:9200"]
Then you can check in your ES filebeat-* indices that you're getting the new log data (ie the hits.total count should increase over time): 然后你可以检查你的ES filebeat-*索引你得到的新日志数据(即hits.total计数应该随着时间的推移而增加):
curl -XGET 168.17.0.100:9200/filebeat-*/_search
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.