---
title: "BEATS"
type: concept
tags: [DevOps, Observability, Logging, OpenSource]
sources: [ctp-topic-54-esm-saas-log-analytics]
last_updated: 2026-04-25
---

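# BEATS

**BEATS** is a family of lightweight, open-source log and metric collection agents developed by Elastic, forming the data collection layer of the ELK Stack. The name comes from the "Beats" family of tools (Filebeat, Metricbeat, Packetbeat, and others).
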
## Core Concept

*"The application collects your log, it's called the BEATS."* — Jackie

BEATS agents are deployed on the application side, run with a light footprint, and continuously push log data to Logstash or Elasticsearch/OpenSearch.

## Member Tools

| Tool | Purpose |
|------|---------|
| **Filebeat** | Log file collection (the most commonly used); supports container environments (Kubernetes DaemonSet) |
| **Metricbeat** | System and service metrics collection |
| **Packetbeat** | Network packet analysis |
| **Heartbeat** | Site availability probing |
| **Auditbeat** | Linux audit framework data |
| **Journalbeat** | systemd journal collection |

## Use in ELK Architecture

```
Application layer (Application VPC)
└── Filebeat (container/DaemonSet) → continuously collects log files
        ↓
Logging layer (Logging VPC)
└── Logstash → parses and transforms fields
        ↓
└── Elasticsearch/OpenSearch → storage
        ↓
└── Kibana → visualization
```

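## Key Claims

- Filebeat is the preferred option for deploying log collection in Kubernetes container environments
- BEATS agents are lightweight with low resource usage, making them suitable for deployment on every application node
- Filebeat supports multiline log merging (for example, Java stack traces) and parsing of multiple log formats
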
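A Filebeat configuration for the pipeline described above, added here as an illustration and not taken from the source material: it reads Kubernetes container logs, merges Java stack traces into a single event, and ships to Logstash over mutually authenticated TLS, since the logs cross from the application VPC to the logging VPC. The input id, hostname and certificate paths are assumed placeholders.

```yaml
# filebeat.yml (illustrative; id, hostname and certificate paths are assumptions)
filebeat.inputs:
  - type: filestream
    id: k8s-container-logs            # assumed id; must be unique per input
    paths:
      - /var/log/containers/*.log
    prospector.scanner.symlinks: true # container log paths are symlinks
    parsers:
      # Unwrap the container runtime's log format first, so the multiline
      # pattern is matched against the application's own message text.
      - container:
          stream: all
          format: auto
      # Append continuation lines of a Java stack trace ("    at ...",
      # "    ... 12 more", "Caused by: ...") to the line that precedes them,
      # so one exception arrives as one event instead of dozens.
      - multiline:
          type: pattern
          pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
          negate: false
          match: after

# Ship to Logstash in the logging VPC. TLS with a client certificate keeps
# log contents confidential in transit and lets Logstash reject agents it
# does not recognize.
output.logstash:
  hosts: ["logstash.logging.example.internal:5044"]   # assumed hostname
  ssl.enabled: true
  ssl.verification_mode: full
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
  ssl.key: "/etc/filebeat/certs/filebeat.key"
```
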
## Related Concepts

- [[ELK-Stack]]: BEATS is the collection layer of the ELK stack
- [[Logstash]]: data collected by BEATS is usually pushed to Logstash first for processing
- [[OpenSearch]]: Filebeat can push directly to OpenSearch without Logstash
- [[Centralized-Logging]]: BEATS is an important component of centralized log collection

## Sources

- [[ctp-topic-54-esm-saas-log-analytics]]