Building a log server with packetbeat + ELK

For the ELK setup, see https://blog.csdn.net/ctllin/article/details/116484210
Download packetbeat
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-7.12.1-linux-x86_64.tar.gz
tar -xvzf packetbeat-7.12.1-linux-x86_64.tar.gz
cd packetbeat-7.12.1-linux-x86_64
cp packetbeat.yml packetbeat.yml.back
vim packetbeat.yml
In vim, replace localhost with the address of your server
:%s/localhost/192.168.3.9/g
Find the following section
- type: http
  # Configure the ports where to listen for HTTP traffic. You can disable
  # the HTTP protocol by commenting out the list of ports.
  ports: [80, 8080, 8000, 5000, 8002]
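  # include_body_for lists the content types whose request bodies should be included; once it is added, the request JSON and response JSON become visible
  send_request: true   # added
  include_body_for: ['application/json', 'application/javascript'] # added
Uncomment the logstash output and comment out output.elasticsearch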
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.3.9:5044"]
Start the service
./packetbeat -e -c packetbeat.yml   &

Create the index pattern

You can then see the request and response JSON data
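
Because the steps above ship full request and response bodies into the index, the following added example (not part of the original post) shows the same http section alongside Packetbeat options that reduce how much sensitive data is stored. The keyword list, the size cap and the CA path are constructed values, and the TLS line assumes the Logstash beats input has TLS enabled.

```yaml
# Added example: the http settings from the steps above, plus options that
# limit credential exposure in the captured events.
packetbeat.protocols:
- type: http
  ports: [80, 8080, 8000, 5000, 8002]
  send_request: true
  include_body_for: ['application/json', 'application/javascript']
  # Obscure Authorization / Proxy-Authorization header values before publishing.
  redact_authorization: true
  # Censor these parameters in the captured transactions. This is documented
  # for URL query parameters and form-encoded POST parameters; do not rely on
  # it to scrub JSON bodies captured through include_body_for.
  hide_keywords: ['pass', 'password', 'passwd', 'token']   # constructed list
  # Cap the size of a captured HTTP message in bytes (constructed value: 1 MiB).
  max_message_size: 1048576

output.logstash:
  hosts: ["192.168.3.9:5044"]
  # Assumption: the Logstash beats input has TLS enabled and its certificate
  # was issued by this CA. Placeholder path, replace with your own.
  ssl.certificate_authorities: ["/path/to/ca.pem"]
```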

Origin blog.csdn.net/CTLLIN/article/details/116587839