root@unuse-tsar:/app/elk/filebeat-7.4.2-linux-x86_64# egrep -v "^.*#|^$" filebeat.yml filebeat.inputs: - type: log enabled: true paths: - /var/log/*.log filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: true setup.template.settings: index.number_of_shards: 1 setup.kibana: host: "192.168.174.30:4601" setup.dashboards.index: "nginx-*" setup.template.json.name: "nginx" setup.template.pattern: "nginx-*" setup.template.overwrite: true setup.ilm.enabled: auto setup.ilm.rollover_alias: "access-nginx-%{+yyyy.MM.dd}" setup.ilm.pattern: "nginx-%{+yyyy.MM.dd}" output.elasticsearch: hosts: ["192.168.174.30:8200"] indices: - index: "nginx-%{+yyyy.MM.dd}" when.contains: type: "nginx" processors: - add_host_metadata: ~ - add_cloud_metadata: ~
然后去启动:./filebeat -e
启动后会创建索引