Install filebeat & metricbeat on debian (as root) and ship data to Humio's cloud hosted service for log and metric management (a replacement for Splunk, Elasticsearch, Loggly, etc.)
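# Install filebeat & metricbeat from Elastic's OSS 7.x apt repository.
#
# The repository signing key goes into its own keyring and the source entry is
# pinned to it with signed-by, so the key is trusted for this repository only.
# `apt-key add` trusts the key for every configured source and is deprecated
# on current Debian releases.
elastic_keyring=/usr/share/keyrings/elasticsearch-keyring.gpg
elastic_list=/etc/apt/sources.list.d/elastic-7.x.list

# gnupg provides `gpg --dearmor`, used below to convert the armored key.
apt-get install apt-transport-https gnupg || exit 1

# Download to a temporary file first so a failed download is detected instead
# of being piped straight into the trust store.
key_tmp=$(mktemp) || exit 1
if ! wget -qO "$key_tmp" https://artifacts.elastic.co/GPG-KEY-elasticsearch; then
  rm -f -- "$key_tmp"
  printf 'failed to download the Elastic signing key\n' >&2
  exit 1
fi

# NOTE(review): before trusting the key, compare its fingerprint with the one
# Elastic publishes; HTTPS alone only authenticates the download host.
if ! gpg --dearmor <"$key_tmp" >"$elastic_keyring"; then
  rm -f -- "$key_tmp" "$elastic_keyring"
  printf 'failed to convert the Elastic signing key\n' >&2
  exit 1
fi
rm -f -- "$key_tmp"
# apt reads the keyring as an unprivileged user, so it must be world-readable.
chmod 644 "$elastic_keyring"

# Overwrite rather than append: re-running the script must not duplicate the
# source line. The script already runs as root, so no sudo is needed.
printf 'deb [signed-by=%s] https://artifacts.elastic.co/packages/oss-7.x/apt stable main\n' \
  "$elastic_keyring" >"$elastic_list"

apt-get update || exit 1
apt-get install filebeat metricbeat || exit 1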
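# Configure filebeat: write /etc/filebeat/filebeat.yml, validate it, enable
# the system module and enable the service at boot.
#
# The heredoc delimiter is quoted so bash writes the text literally. Unquoted,
# bash tries to expand ${path.config} itself and fails with "bad substitution";
# that reference is meant for filebeat, not for the shell.
#
# The file holds the repository ingest token, so it is created and kept
# readable by root only.
# NOTE(review): the token could instead be kept in the Beats keystore
# (`filebeat keystore add NAME`, referenced as ${NAME}); confirm against the
# installed version.
# NOTE(review): this output points at cloud.humio.us while the metricbeat
# config below uses cloud.humio.com, and the port is written after the URL
# path. Confirm the intended ingest endpoint before logs and the token are
# sent there.
(
  umask 077
  cat >/etc/filebeat/filebeat.yml <<'EOL'
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    - /var/log/*/*.log
  encoding: utf-8
  exclude_files: [".gz"]
  ignore_older: 3h
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
queue.mem:
  events: 8000
  flush.min_events: 1000
  flush.timeout: 1s
output.elasticsearch:
  hosts: ["https://cloud.humio.us/api/v1/ingest/elastic-bulk:443"]
  username: "<your repo's ingest token>"
  compression_level: 5
  bulk_max_size: 200
  worker: 1
EOL
) || exit 1
# The umask only applies to a newly created file; fix the mode of an existing one.
chmod 600 /etc/filebeat/filebeat.yml || exit 1

# Stop here if the config does not parse, rather than enabling a service that
# cannot start.
if ! filebeat test config -c /etc/filebeat/filebeat.yml; then
  printf 'filebeat configuration test failed\n' >&2
  exit 1
fi

# Enable filebeat modules
filebeat modules enable system

# Enable filebeat
systemctl enable filebeat.service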
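# Configure metricbeat: write /etc/metricbeat/metricbeat.yml, validate it and
# enable the service at boot.
#
# The heredoc delimiter is quoted so the YAML is written literally and the
# shell never expands anything inside it. The file holds the repository ingest
# token, so it is created and kept readable by root only.
# NOTE(review): `processes: ['.*']` with the process and socket metricsets
# ships data about every process on the host (which may include command
# lines); confirm that is acceptable for the destination repository.
(
  umask 077
  cat >/etc/metricbeat/metricbeat.yml <<'EOL'
metricbeat.modules:
  - module: system
    metricsets:
      - cpu
      - load
      - filesystem
      - fsstat
      - memory
      - network
      - process
      - socket
    enabled: true
    period: 10s
    processes: ['.*']
output.elasticsearch:
  hosts: ["https://cloud.humio.com/api/v1/ingest/elastic-bulk:443"]
  username: "<your repo's ingest token>"
EOL
) || exit 1
# The umask only applies to a newly created file; fix the mode of an existing one.
chmod 600 /etc/metricbeat/metricbeat.yml || exit 1

# Validate before enabling, mirroring the check done for filebeat.
if ! metricbeat test config -c /etc/metricbeat/metricbeat.yml; then
  printf 'metricbeat configuration test failed\n' >&2
  exit 1
fi

# Enable metricbeat
systemctl enable metricbeat.service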
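# Start filebeat and metricbeat.
# The script runs as root, so systemctl is called directly like the other
# commands in this file; the original used sudo on daemon-reload only.
systemctl daemon-reload

# Start each unit independently and report a failure instead of ignoring it,
# so a host that is not shipping logs or metrics is noticed at install time.
start_rc=0
for beat_unit in filebeat.service metricbeat.service; do
  if ! systemctl start "$beat_unit"; then
    printf 'failed to start %s\n' "$beat_unit" >&2
    start_rc=1
  fi
done
exit "$start_rc"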
To run, simply replace the `<YourRepositoryName>` and `<YourIngestToken>` placeholders with information from your Humio repository. Then run this script: `sudo bash -x ./install-beats.sh`.