
Filebeat not pushing logs to Elasticsearch

I am new to docker and all this logging stuff so maybe I'm making a stupid mistake so thanks for helping in advance. I have ELK running as a docker container (6.2.2) via Dockerfile line:

FROM sebp/elk:latest

In a separate container I am installing and running Filebeat via the following Dockerfile lines:

RUN curl -L -O -k https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.2-amd64.deb
RUN dpkg -i filebeat-6.2.2-amd64.deb
COPY resources/filebeat/filebeat.yml /etc/filebeat/filebeat.yml
RUN chmod go-w /etc/filebeat/filebeat.yml
RUN /usr/share/filebeat/bin/filebeat -e -d "publish" &

My Filebeat configuration is:

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /jetty/jetty-distribution-9.3.8.v20160314/logs/*.log
output.logstash:
  enabled: false
  hosts: ["elk-stack:9002"]
  #index: 'audit'
output.elasticsearch:
  enabled: true
  hosts: ["elk-stack:9200"]
  #index: "audit-%{+yyyy.MM.dd}"
path.config: "/etc/filebeat"
#setup.template.name: "audit"
#setup.template.pattern: "audit-*"
#setup.template.fields: "${path.config}/fields.yml"

As you can see I was trying to do a custom index into elasticsearch, but now I'm just trying to get the default working first. The jetty logs all have global read permissions.

The docker container logs show no errors and after running I make sure the config and output are OK:

# filebeat test config
Config OK
# filebeat test output
elasticsearch: http://elk-stack:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.17.0.3
    dial up... OK
  TLS... WARN secure connection disabled
  talk to server... OK
  version: 6.2.2

/var/log/filebeat/filebeat shows:

2018-03-15T13:23:38.859Z        INFO    instance/beat.go:468    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2018-03-15T13:23:38.860Z        INFO    instance/beat.go:475    Beat UUID: ed5cecaf-cbf5-438d-bbb9-30bab80c4cb9
2018-03-15T13:23:38.860Z        INFO    elasticsearch/client.go:145     Elasticsearch url: http://elk-stack:9200
2018-03-15T13:23:38.891Z        INFO    elasticsearch/client.go:690     Connected to Elasticsearch version 6.2.2

However when I hit localhost:9200/_cat/indices?v it doesn't return any indices:

health status index uuid pri rep docs.count docs.deleted store.size pri.store.size

How do I get this working? I am out of ideas. Thanks again for any help.

To answer my own question you can't start filebeat with:

RUN /usr/share/filebeat/bin/filebeat -e -d "publish" &

and have it keep running once the container starts. Need to manually start it or have it start in its own container with an ENTRYPOINT tag.
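
The fix described in the answer above, as an added example that is not part of the original post: a Dockerfile for a dedicated Filebeat container that starts Filebeat with ENTRYPOINT instead of a backgrounded RUN. The base image, the removal of curl's -k, and the explicit -c and -path.* flags are assumptions added here.

```dockerfile
# Added example, not from the original post. The base image is an assumption.
FROM debian:bookworm-slim

RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*

# -k is dropped so curl verifies the TLS certificate of the download host
# before the package is installed.
RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.2-amd64.deb \
 && dpkg -i filebeat-6.2.2-amd64.deb \
 && rm filebeat-6.2.2-amd64.deb

COPY resources/filebeat/filebeat.yml /etc/filebeat/filebeat.yml
RUN chmod go-w /etc/filebeat/filebeat.yml

# Broken (from the question): RUN executes during `docker build`. The
# backgrounded process ends with that build step and is never started
# when a container is created from the image.
# RUN /usr/share/filebeat/bin/filebeat -e -d "publish" &

# Fixed: ENTRYPOINT runs when the container starts and keeps Filebeat in the
# foreground as the container's main process. The paths are passed explicitly
# so the binary uses the locations installed by the .deb package.
ENTRYPOINT ["/usr/share/filebeat/bin/filebeat", "-e", "-d", "publish", \
            "-c", "/etc/filebeat/filebeat.yml", \
            "-path.home", "/usr/share/filebeat", \
            "-path.config", "/etc/filebeat", \
            "-path.data", "/var/lib/filebeat", \
            "-path.logs", "/var/log/filebeat"]
```

Because Filebeat now runs in its own container, the Jetty log directory has to be mounted into it (for example with `docker run -v`) at the path listed under `paths` in filebeat.yml, and the container must be able to resolve `elk-stack`.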
