Windows 2012 R2 上的 Filebeat

Question

我正在使用 Filebeat > Logstash > Elasticsearch > Kibana 来解析和分析日志，基本上是 Java Stack Trace 和其他日志。

这是 Filebeat 的 YML

filebeat:
  prospectors:
    -
      paths:
        - C:\logs\OCR\example.log
      input_type: log
      #document_type: UAT_EXAMPLE
      exclude_lines: [".+DEBUG"]
      multiline:
         pattern: ".+(ERROR|INFO)"
         negate: true
         match: after
      fields:
         app_name: EXAMPLE_APP
         environment: UAT
      fields_under_root: true
      #force_close_files: true
      spool_size: 2048
      #publish_async: true
      #scan_frequency: 10s
      #close_older: 2h

output:
  logstash:
    host: "10.0.64.14"
    port: 5044
    index: filebeat
    timeout: 5
    reconnect_interval: 3
    bulk_max_size: 2048

shipper:
 tags: ["ABC_Engine", "UAT_EXAMPLE"]
 queue_size: 1000

###  Enable logging of the filebeat
logging:
  level: warning
  to_files: true
  files:
    path: c:\logs\
    name: mybeat.log
    rotateeverybytes: 20485760 # = 20MB
    keepfiles: 7

启用文件节拍的日志记录在 Windows 上也不起作用。如果我在这里遗漏了什么，请告诉我。

logging:
   level: warning
   to_files: true
   files:
      path: c:\logs\
      name: mybeat.log
      rotateeverybytes: 20485760 # = 20MB
      keepfiles: 7

问题 - Filebeat 有时无法将日志发送到 logstash，有时它会开始运行运送，但有时它不会。 虽然如果我使用“test.log”作为探矿者并通过以下配置将日志本地保存在磁盘上，它运行良好。

将文件写入本地文件以检查输出。我已经一一尝试了“file”输出和“logstash”输出。

output:
file:
path: c:\logs\
filename: filebeat
rotate_every_kb: 100000
number_of_files: 7

另外，当我使用命令行时，这些东西大多会运行。 ：

.\filebeat.exe -c filebeat.yml -e -v

请协助正确配置 Windows。 日志文件“example.log”每 30 MB 大小轮换一次。

我不太确定使用以下属性以及它们将如何在 Windows 上与 Filebeat 一起使用。

“close_older” “忽略旧” “记录”

Answer 1

输出到logstash：

评论 elasticsearch 行

然后

logstash:
  # The Logstash hosts
   hosts: ["localhost:5044"]

保持[]

例如调试模式的登录配置

logging:
# Send all logging output to syslog. On Windows default is false, otherwise
# default is true.
#to_syslog: true

# Write all logging output to files. Beats automatically rotate files if      rotateeverybytes
# limit is reached.
#to_files: false

# To enable logging to files, to_files option has to be set to true
 files:
# The directory where the log files will written to.
#path: /var/log/mybeat
path: c:\PROGRA~1/filebeat

# The name of the files where the logs are written to.
name: filebeat.log

# Configure log file size limit. If limit is reached, log file will be
# automatically rotated
rotateeverybytes: 10485760 # = 10MB

# Number of rotated log files to keep. Oldest files will be deleted first.
#keepfiles: 7

# Enable debug output for selected components. To enable all selectors use    ["*"]
# Other available selectors are beat, publish, service
# Multiple selectors can be chained.
#selectors: [ ]

# Sets log level. The default log level is error.
# Available log levels are: critical, error, warning, info, debug
 level: debug

LOGGING在LOGGING部分，输出是logstash或elasticsearch，如果你想知道你可以安装为服务去elastic.co网站：

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html