Packetbeat仪表板安装
[英]Packetbeat dashboard installation
问题描述
I am trying to install packetbeat dashboard and this command works as expected. 
我正在尝试安装packetbeat仪表板,此命令按预期工作。 I have installed matching version of Kibana. 我已经安装了匹配版本的Kibana。
docker run docker.elastic.co/beats/packetbeat:5.5.0 ./scripts/import_dashboards -es http://172.31.73.234:9200
When I try to install latest version of packetbeat, I get this error: 当我尝试安装最新版本的packetbeat时,出现以下错误:
docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards -es http://1.2.3.4:9200
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
I have checked that packetbeat and kibana are using the same version 6.1.3 我检查了packetbeat和kibana是否使用相同的版本6.1.3
1) Why does line 13 fails in case of version 6.1.3 and not in 5.5.0? 1)为什么在第6.1.3版而不是在5.5.0版中第13行失败?
2) Is there any other way to install packetbeat using docker? 2)还有其他使用docker安装packetbeat的方法吗?
Update: 更新:
In other words, this works where elastic and packetbeat both using the same version 5.6.7: 换句话说,这适用于使用相同版本5.6.7的elastic和packetbeat:
docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards -es https://0457e68d58e2479e1e73facc72f6cc56.us-east-1.aws.found.io:9243 -user elastic -pass XXX
But this does not with either elastic version 6 or kibana API: 但这不适用于弹性版本6或kibana API:
# docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards -es https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243 -user elastic -pass xxx
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
# docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards -es https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243 -user elastic -pass xxx
Initialize the Elasticsearch 6.1.3 loader
Elasticsearch URL https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243
For Elasticsearch version >= 6.0.0, the Kibana dashboards need to be imported via the Kibana API.
# docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards -es https://c2ddaa70b10cb93643b031042d4f6554.us-east-1.aws.found.io:9243 -user elastic -pass xxx
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
# docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards -es https://c2ddaa70b10cb93643b031042d4f6554.us-east-1.aws.found.io:9243 -user elastic -pass xxx
fail to create the Elasticsearch loader: Error creating Elasticsearch client: Couldn't connect to any of the configured Elasticsearch hosts
Exiting
1 个解决方案
解决方案1
0 已采纳 2018-02-10 06:42:28
This is something close to what I wanted to achieve. 这与我想要实现的目标很接近。 It is not based on docker, but it works! 它不是基于docker的,但是可以使用!
1) Download packetbeat: 1)下载packetbeat:
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.1.3-x86_64.rpm
sudo rpm -vi packetbeat-5.4.1-x86_64.rpm
cd /usr/share/packetbeat/
2) Configure packetbeat.yml file: 2)配置packetbeat.yml文件:
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["611878ce312a4bc30040208f62a9c9341.us-east-1.aws.found.io:9243"]
# Optional protocol and basic auth credentials.
protocol: "https"
username: "elastic"
password: "xxx"
#============================== Kibana =====================================
setup.kibana:
host: "https://b0440709b5f76af035e0a5915a763ebf1.us-east-1.aws.found.io:9243"
#============================== Dashboards =====================================
setup.dashboards.enabled: true
3) Start packetbeat service 3)启动packetbeat服务
/etc/init.d/packetbeat restart
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.