Using filebeat with elasticsearch
I don't understand how to run this file to send the result to elasticsearch.
This is the filebeat.yml file,
filebeat.prospectors:
- input_type: log
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/nginx/access.log
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]
  index: 'filebeat_nginx'
elasticsearch is up and running.
Now how do I run filebeat to send log information to elasticsearch?
If I go to the bin directory of the filebeat file and run this command,
luvpreet@DHARI-Inspiron-3542:/usr/share/filebeat/bin$ sudo ./filebeat -configtest -e
then it shows
filebeat2017/04/19 06:54:22.450440 beat.go:339: CRIT Exiting: error loading config file: stat filebeat.yml: no such file or directory
Exiting: error loading config file: stat filebeat.yml: no such file or directory
The filebeat.yml file is located in the /etc/filebeat folder. How do I start it? Please clarify the process of running this search with elasticsearch.
A typical filebeat command looks like this:
/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml \
-path.home /usr/share/filebeat -path.config /etc/filebeat \
-path.data /var/lib/filebeat -path.logs /var/log/filebeat
-c points to your config file, as mentioned in the comments above. path.home is where your scripts are. path.config contains the configuration files. path.data is where the state is maintained. path.logs is where the filebeat process will be handled.
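A preflight wrapper around the command from the answer above, as an added example that is not part of the original thread: it checks that filebeat.yml exists under the config directory (the cause of the "stat filebeat.yml" error in the question), runs -configtest, and only then starts filebeat. The FB_* variable names, the function names and the return codes are assumptions; the default paths and the flags are the ones shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the paths from the answer
# above; the FB_* names are hypothetical and can be overridden per host.
FB_HOME="${FB_HOME:-/usr/share/filebeat}"
FB_CONF_DIR="${FB_CONF_DIR:-/etc/filebeat}"
FB_DATA="${FB_DATA:-/var/lib/filebeat}"
FB_LOGS="${FB_LOGS:-/var/log/filebeat}"

# check_config DIR: return 0 if DIR/filebeat.yml is usable, else 2/3/4.
check_config() {
    cfg="$1/filebeat.yml"
    if [ ! -f "$cfg" ]; then
        echo "config not found: $cfg" >&2
        return 2
    fi
    if [ ! -r "$cfg" ]; then
        echo "config not readable by $(id -un): $cfg" >&2
        return 3
    fi
    if [ ! -s "$cfg" ]; then
        echo "config is empty: $cfg" >&2
        return 4
    fi
    return 0
}

# run_filebeat: validate first, then start in the foreground (-e logs to stderr).
run_filebeat() {
    check_config "$FB_CONF_DIR" || return $?
    bin="$FB_HOME/bin/filebeat"
    if [ ! -x "$bin" ]; then
        echo "filebeat binary not found: $bin" >&2
        return 5
    fi
    # Explicit paths, so the result does not depend on the current directory.
    set -- -c "$FB_CONF_DIR/filebeat.yml" \
        -path.home "$FB_HOME" -path.config "$FB_CONF_DIR" \
        -path.data "$FB_DATA" -path.logs "$FB_LOGS"
    # -configtest is the flag used in the question.
    "$bin" -configtest -e "$@" || return 6
    "$bin" -e "$@"
}

# Start only when invoked as: sh this-script start
if [ "${1:-}" = "start" ]; then
    run_filebeat
fi
```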
1. If you have installed the rpm package, you will have the /etc/filebeat/filebeat.yml file. Edit the file to send the result to Elasticsearch and run it with the command "/etc/init.d/filebeat start".
2. If you downloaded the binary and installed it, you can use the command "Downloads/filebeat-5.4.0-darwin-x86_64/filebeat -e -c location_to_your_filebeat.yml".