[英]Packetbeat dashboard installation
我正在嘗試安裝packetbeat儀表板,此命令按預期工作。 我已經安裝了匹配版本的Kibana。
docker run docker.elastic.co/beats/packetbeat:5.5.0 ./scripts/import_dashboards -es http://172.31.73.234:9200
當我嘗試安裝最新版本的packetbeat時,出現以下錯誤:
docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards -es http://1.2.3.4:9200
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
我檢查了packetbeat和kibana是否使用相同的版本6.1.3
1)為什么在第6.1.3版而不是在5.5.0版中第13行失敗?
2)還有其他使用docker安裝packetbeat的方法嗎?
更新:
換句話說,這適用於使用相同版本5.6.7的elastic和packetbeat:
docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards -es https://0457e68d58e2479e1e73facc72f6cc56.us-east-1.aws.found.io:9243 -user elastic -pass XXX
但這不適用於彈性版本6或kibana API:
# docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards -es https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243 -user elastic -pass xxx
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
# docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards -es https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243 -user elastic -pass xxx
Initialize the Elasticsearch 6.1.3 loader
Elasticsearch URL https://db301e3a9602f088035cc828312ebdf2.us-east-1.aws.found.io:9243
For Elasticsearch version >= 6.0.0, the Kibana dashboards need to be imported via the Kibana API.
# docker run docker.elastic.co/beats/packetbeat:6.1.3 ./scripts/import_dashboards -es https://c2ddaa70b10cb93643b031042d4f6554.us-east-1.aws.found.io:9243 -user elastic -pass xxx
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
# docker run docker.elastic.co/beats/packetbeat:5.6.7 ./scripts/import_dashboards -es https://c2ddaa70b10cb93643b031042d4f6554.us-east-1.aws.found.io:9243 -user elastic -pass xxx
fail to create the Elasticsearch loader: Error creating Elasticsearch client: Couldn't connect to any of the configured Elasticsearch hosts
Exiting
這與我想要實現的目標很接近。 它不是基於docker的,但是可以使用!
1)下載packetbeat:
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.1.3-x86_64.rpm
sudo rpm -vi packetbeat-5.4.1-x86_64.rpm
cd /usr/share/packetbeat/
2)配置packetbeat.yml文件:
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["611878ce312a4bc30040208f62a9c9341.us-east-1.aws.found.io:9243"]
# Optional protocol and basic auth credentials.
protocol: "https"
username: "elastic"
password: "xxx"
#============================== Kibana =====================================
setup.kibana:
host: "https://b0440709b5f76af035e0a5915a763ebf1.us-east-1.aws.found.io:9243"
#============================== Dashboards =====================================
setup.dashboards.enabled: true
3)啟動packetbeat服務
/etc/init.d/packetbeat restart
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.