Unable to read input logs filebeat

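I'm new to docker and I'm trying out an ELK setup with Filebeat. I have a container for the filebeat setup in machine 1, and I'm trying to collect logs from /mnt/logs/temp.log (which are non-container logs) to the ELK container in machine 2. This is my filebeat config:-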

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
      hints.default_config:
        type: container
        paths:
          - /mnt/logs/temp.log

processors:
- add_cloud_metadata: ~

output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:42.23.12.131:9042}'

Even if I change the filebeat.yml config to the following, it doesn't seem to send any logs to ES:-

filebeat.inputs:
- type: log
  paths:
    - /mnt/logs/temp.log

output.elasticsearch:
  hosts: ["42.23.12.131:9042"]

Can someone help me with this or point me to any website article or documentation related to this? The version of the filebeat and ELK containers is 7.14.0.

EDIT: The docker-compose file for ELK is:-

version: '2.2'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
    volumes:
      - type: bind
        source: ./elasticsearch/elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
        read_only: true
      - type: volume
        source: elasticsearch
        target: /usr/share/elasticsearch/data
    environment:
      ES_JAVA_OPTS: "-Xmx512m -Xms512m"
      discovery.type: single-node
    ports:
      - "9200:9200"
      - "9300:9300"
    networks:
      - elk

  logstash:
    image: docker.elastic.co/logstash/logstash:7.14.0
    volumes:
      - type: bind
        source: ./logstash/config/logstash.yml
        target: /usr/share/logstash/config/logstash.yml
        read_only: true
      - type: bind
        source: ./logstash/pipeline.conf
        target: /usr/share/logstash/pipeline.conf
        read_only: true
    ports:
      - "5044:5044/udp"
      - "9600:9600"
    environment:
      LS_JAVA_OPTS: "-Xmx512m -Xms512m"
    networks:
      - elk
    depends_on:
      - elasticsearch

  kibana:
    image: docker.elastic.co/kibana/kibana:7.14.0
    volumes:
      - type: bind
        source: ./kibana/kibana.yml
        target: /usr/share/kibana/config/kibana.yml
        read_only: true
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:

In your docker-compose file, only these ports are exposed outside the container (considering that port 9042 is the port you configured on the elasticsearch side):

ports:
  - "9200:9200"
  - "9300:9300"

So if you add the target port 9042, it should certainly work. So it must look like this:

ports:
  - "9200:9200"
  - "9300:9300"
  - "9042:9042"

If port 9042 is not the port you configured in elasticsearch, this means you have to change the configuration of the filebeat agent to use the correct port (probably 9200).
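The mismatch discussed above can be checked mechanically. The following is an added example, not code from the question or the answer: it compares the port in Filebeat's `output.elasticsearch` hosts with the host ports the compose file publishes for a service. The function names are hypothetical, the sample texts are constructed from the configs on this page, and 2-space YAML indentation is assumed.

```python
import re

# Constructed from the two configs on this page, trimmed to the relevant keys.
FILEBEAT_YML = """\
output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:42.23.12.131:9042}'
"""
COMPOSE_YML = """\
services:
  elasticsearch:
    ports:
      - "9200:9200"
      - "9300:9300"
  kibana:
    ports:
      - "5601:5601"
"""

def output_ports(filebeat_text):
    """Ports Filebeat dials, read from the output.elasticsearch section."""
    section = filebeat_text.split("output.elasticsearch:", 1)[1]
    section = re.split(r"^\S", section, maxsplit=1, flags=re.M)[0]  # stop at next top-level key
    # A port is ":digits" not followed by "." (so IPv4 octets are skipped).
    return {int(p) for p in re.findall(r":(\d+)\b(?!\.)", section)}

def published_ports(compose_text, service):
    """Host port -> container port for one service (assumes 2-space indentation)."""
    mapping, in_service, in_ports = {}, False, False
    for line in compose_text.splitlines():
        indent, key = len(line) - len(line.lstrip()), line.strip()
        if indent <= 2 and key.endswith(":"):
            in_service, in_ports = key == service + ":", False
        elif in_service and indent == 4:
            in_ports = key == "ports:"
        elif in_service and in_ports and key.startswith("-"):
            m = re.search(r"(\d+):(\d+)(?:/\w+)?[\"']?$", key)
            if m:
                mapping[int(m.group(1))] = int(m.group(2))
    return mapping

def unpublished_targets(filebeat_text, compose_text, service="elasticsearch"):
    """Ports Filebeat targets that the service does not publish on the host."""
    return sorted(output_ports(filebeat_text) - set(published_ports(compose_text, service)))

if __name__ == "__main__":
    print("published:", published_ports(COMPOSE_YML, "elasticsearch"))
    print("not published:", unpublished_targets(FILEBEAT_YML, COMPOSE_YML))
```

The returned mapping also shows which container port each published host port forwards to, which is the port the service has to be listening on inside the container.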