filebeat配置多日志并输出到elastic不同index索引
filebeat配置多日志并输出到elastic不同index索引
filebeat 将 /var/log/secure 与 httpd 的日志内容输出到 Elasticsearch 7.11.2 的不同索引。
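# Filebeat reads two log sources and ships them to Elasticsearch. Each input
# sets a custom field (fields.index) that the output section uses to pick a
# separate monthly index per source.
filebeat.inputs:
  # Input 1: system auth log, reduced to sshd and sudo activity.
  - type: log
    enabled: true
    paths:
      - /var/log/secure
    # Only lines matching one of these regular expressions are shipped.
    include_lines: ['sshd', 'sudo']
    tags: ["secure-log"]  # custom tag field
    fields:
      index: "ssh"  # routing key matched under output.elasticsearch.indices

  # Input 2: httpd TLS access log, shipped unfiltered.
  - type: log
    enabled: true
    paths:
      - /www/wwwlogs/httpd-ssl_access_log
    # include_lines: ['sshd', 'sudo']
    tags: ["httpd-log"]  # custom tag field
    fields:
      index: "httpd"  # routing key matched under output.elasticsearch.indices

setup.template.settings:
  index.number_of_shards: 1

# output.console:
#   pretty: true
#   enable: true

output.elasticsearch:  # Elasticsearch connection and per-source index routing
  # No scheme or port is given, so Filebeat uses http and port 9200. The
  # credentials below are then sent unencrypted, which is tolerable only on
  # loopback; use an https:// URL if Elasticsearch runs on another host.
  hosts: ["127.0.0.1"]
  # "elastic" is the built-in superuser. NOTE(review): prefer a dedicated
  # account that holds only the privileges Filebeat needs.
  username: "elastic"
  # Resolved from the Filebeat keystore (`filebeat keystore add ES_PWD`) or an
  # environment variable, so the secret is not stored in this file. The
  # original listing hard-coded a trivially guessable password here.
  password: "${ES_PWD}"
  # The first rule whose condition matches decides the index name;
  # %{+YYYY-MM} expands to the event's year and month.
  indices:
    - index: "filebeat-ssh-%{+YYYY-MM}"
      when.contains:
        fields:
          index: "ssh"
    - index: "filebeat-httpd-%{+YYYY-MM}"
      when.contains:
        fields:
          index: "httpd"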