filebeat下载官网:https://www.elastic.co/cn/downloads/beats/filebeat
image.png
EFK最后一步filebeat的安装是最简单的,只需要安装kibana上面提示的操作安装即可。

1、Download and install Filebeat

  1. curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.13.2-x86_64.rpm
  2. sudo rpm -vi filebeat-7.13.2-x86_64.rpm

2、Edit the configuration

Modify /etc/filebeat/filebeat.yml to set the connection information:

  1. output.elasticsearch:
  2.   hosts: ["<es_url>"]
  3.   username: "elastic"
  4.   password: "<password>"
  5. setup.kibana:
  6.   host: "<kibana_url>"

Where is the password of the elastic user, is the URL of Elasticsearch, and is the URL of Kibana.

3、Enable and configure the elasticsearch module

sudo filebeat modules enable elasticsearch
Modify the settings in the /etc/filebeat/modules.d/elasticsearch.yml file.

4、Start Filebeat

The setup command loads the Kibana dashboards. If the dashboards are already set up, omit this command.

  1. $ filebeat setup
  2. Overwriting ILM policy is disabled. Set `setup.ilm.overwrite: true` for enabling.
  4. Index setup finished.
  5. Loading dashboards (Kibana must be running and reachable)
  6. Loaded dashboards
  7. Setting up ML using setup --machine-learning is going to be removed in 8.0.0. Please use the ML app instead.
  8. See more: https://www.elastic.co/guide/en/machine-learning/current/index.html
  9. Loaded machine learning job configurations
  10. Loaded Ingest pipelines
  12. $ service filebeat start
  13. Starting filebeat (via systemctl):                         [  OK  ]