mac filebeat 設定

架構說明

• 一台 ELK
• 三台 worker
• filebeat-6.3.0 for mac 版本加開機自動程式 plist
• 注意 要改 com.mlytics.filebeat.plist and filebeat.yml 使用者權限
  chown root com.mlytics.filebeat.plist filebeat.yml

統一 filebeat 程式路徑說明：

/Users/prod-adp-1/scripts/filebeat-6.3.0-darwin-x86_64 
/Users/prod-adp-2/scripts/filebeat-6.3.0-darwin-x86_64 
/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64

統一 filebeat log 路徑說明

/Users/prod-adp-1/scripts/filebeat-6.3.0-darwin-x86_64/logs
/Users/prod-adp-2/scripts/filebeat-6.3.0-darwin-x86_64/logs
/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/logs

開機自動程式 plist
/Library/LaunchDaemons/com.mlytics.filebeat.plist 名稱自取-注意使用者不一樣

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/Property\
List-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.mlytics.filebeat</string>
    <key>StandardOutPath</key>
    <string>/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/logs/filebeat-output.txt</string>
    <key>StandardErrorPath</key>
    <string>/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/logs/filebeat-errors.txt</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/filebeat</string>
        <string>-e</string>
        <string>-c</string>
        <string>/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/filebeat.yml</string>
    </array>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>

/Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/filebeat.yml 名稱自取-注意使用者不一樣

filebeat.prospectors:
- input_type: log
  enabled: true
  paths:
    - /tmp/core-distribute.log
    - /Users/prod-adp-3/adp-core-codesign/.adp/.journal/tmp.log

output.elasticsearch:
  hosts: ["35.221.170.173:9200"]
  index: "adp-worker-3-%{+yyyy.MM.dd}"

setup.template.name: "adp-worker-3"
setup.template.pattern: "adp-worker-3-*"
setup.template.overwrite: false
setup.template.settings:
#        _source.enabled: false
        index.number_of_shards: 1
        index.number_of_replicas: 0

設定方式 – plist 複製前要看設定內容對不對

# sudo cp /Users/prod-adp-3/scripts/filebeat-6.3.0-darwin-x86_64/com.mlytics.filebeat.plist   /Library/LaunchDaemons/com.mlytics.filebeat.plist
# sudo launchctl load -w /Library/LaunchDaemons/com.mlytics.filebeat.plist 啟用
 

停用方式

sudo launchctl load -w /Library/LaunchDaemons/com.mlytics.filebeat.plist
查看服務1

sudo launchctl list | grep com.mlytics.filebeat


20521	0	com.mlytics.filebeat

查看服務 2

ps aux | grep filebeat
root            20521   0.0  0.2 558485108  16800   ??  Ss   10:56上午   0:00.13 /Users/prod-adp-1/scripts/filebeat-6.3.0-darwin-x86_64/filebeat -e -c /Users/prod-adp-1/scripts/filebeat-6.3.0-darwin-x86_64/filebeat.yml