Filebeat是一个日志文件托运工具,在你的服务器上安装客户端后,filebeat会监控日志目录或者指定的日志文件,追踪读取这些文件(追踪文件的变化,不停的读),并且转发这些信息到elasticsearch或者logstarsh中存放。本文介绍 Filebeat 安装部署。
安装
略。
排错
重启系统导致无法启动问题
问题描述:
类似 Filebeat Fails After Power Failure,在断电或者版本升级之后都可能概率性触发,root couse 是在异常情况下 registry 文件没有 EOF 标识符。这种情况下,需要删除 registry 文件才可以启动成功。
[root@xiexianbin_cn ~]# systemctl status filebeat.service
● filebeat.service - filebeat
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2018-04-18 19:51:43 CST; 1min 5s ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Process: 15760 ExecStart=/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat (code=exited, status=1/FAILURE)
Main PID: 15760 (code=exited, status=1/FAILURE)
Jun 22 19:51:43 xiexianbin_cn systemd[1]: Unit filebeat.service entered failed state.
Jun 22 19:51:43 xiexianbin_cn systemd[1]: filebeat.service failed.
Jun 22 19:51:43 xiexianbin_cn systemd[1]: filebeat.service holdoff time over, schedulin...t.
Jun 22 19:51:43 xiexianbin_cn systemd[1]: start request repeated too quickly for filebe...ce
Jun 22 19:51:43 xiexianbin_cn systemd[1]: Failed to start filebeat.
Jun 22 19:51:43 xiexianbin_cn systemd[1]: Unit filebeat.service entered failed state.
Jun 22 19:51:43 xiexianbin_cn systemd[1]: filebeat.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@xiexianbin_cn ~]#
解决方法:
rm -rf /var/lib/filebeat/registry
systemctl reset-failed filebeat
systemctl start filebeat
filebeat 启动失败问题
错误日志:
Exiting: Could not start registrar: Error loading state: Error decoding states: EOF
解决办法:
cd /var/lib/filebeat/
rm -rf registry
systemctl reset-failed filebeat
systemctl start filebeat