filebeat采集一台服务器中的不同日志,并将日志放到ES中的不同索引中
filebeat采集一台服务器中的不同日志,并将日志放到ES中的不同索引中
filebeat.inputs:
- type: log
enabled: true
paths:
- /usr/local/tomcat/apache-tomcat-8.5.53/logs/catalina.out
tags: ["tomcat"]
fields:
index: "tomcat"
- type: log
enabled: true
paths:
- /usr/local/apollo/apollo-adminservice.log
tags: ["apollo-adminservice"]
fields:
index: "apollo_admin"
- type: log
enabled: true
paths:
- /usr/local/apollo/apollo-configservice.log
tags: ["apollo-configservice"]
fields:
index: "apollo_conf"
output.elasticsearch: #指定ES的配置
hosts: ["192.168.20.248:9200"]
indices:
- index: "filebeat-java-1-tomcat-%{+YYYY-MM}"
when.contains:
fields:
index: "tomcat"
- index: "filebeat-java-1-apollo-admin-%{+YYYY-MM}"
when.contains:
fields:
index: "apollo_admin"
- index: "filebeat-java-1-apollo-conf-%{+YYYY-MM}"
when.contains:
fields:
index: "apollo_conf"
如下:
filebeat.inputs:
- type: log
enabled: true
paths:
?- /usr/local/tomcat/apache-tomcat-8.5.53/logs/catalina.out
tags: ["tomcat"]
fields:
index: "tomcat"
- type: log
enabled: true
paths:
- /usr/local/apollo/apollo-adminservice.log
tags: ["apollo-adminservice"]
fields:
index: "apollo_admin"
- type: log
enabled: true
paths:
- /usr/local/apollo/apollo-configservice.log
tags: ["apollo-configservice"]
fields:
index: "apollo_conf"
output.elasticsearch: #指定ES的配置
hosts: ["192.168.20.248:9200"]
indices:
- index: "filebeat-java-1-tomcat-%{+YYYY-MM}"
when.contains:
fields:
index: "tomcat"
- index: "filebeat-java-1-apollo-admin-%{+YYYY-MM}"
when.contains:
fields:
index: "apollo_admin"
- index: "filebeat-java-1-apollo-conf-%{+YYYY-MM}"
when.contains:
fields:
index: "apollo_conf"
————————————————
如下实例。
[root@92cto-com ~]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/secure
include_lines: ['sshd', 'sudo']
tags:
["secure-log"]
fields:
index: "ssh"
- type: log
enabled: true
paths:
- /www/wwwlogs/yjvps.com-ssl_access_log
# include_lines: ['sshd', 'sudo']
tags:
["httpd-log"]
fields:
index: "httpd"
setup.template.settings:
index.number_of_shards: 1
# output.console:
# pretty: true
# enable: true
output.elasticsearch: #指定ES的配置
hosts: ["127.0.0.1"]
username: "elastic"
password: "123456"
indices:
- index: "filebeat-ssh-%{+YYYY-MM}"
when.contains:
fields:
index: "ssh"
- index: "filebeat-httpd-%{+YYYY-MM}"
when.contains:
fields:
index: "httpd"
filebeat.inputs:
- type: log
enabled: true
paths:
?- /usr/local/tomcat/apache-tomcat-8.5.53/logs/catalina.out
tags: ["tomcat"]
fields:
index: "tomcat"
- type: log
enabled: true
paths:
- /usr/local/apollo/apollo-adminservice.log
tags: ["apollo-adminservice"]
fields:
index: "apollo_admin"
- type: log
enabled: true
paths:
- /usr/local/apollo/apollo-configservice.log
tags: ["apollo-configservice"]
fields:
index: "apollo_conf"
output.elasticsearch: #指定ES的配置
hosts: ["192.168.20.248:9200"]
indices:
- index: "filebeat-java-1-tomcat-%{+YYYY-MM}"
when.contains:
fields:
index: "tomcat"
- index: "filebeat-java-1-apollo-admin-%{+YYYY-MM}"
when.contains:
fields:
index: "apollo_admin"
- index: "filebeat-java-1-apollo-conf-%{+YYYY-MM}"
when.contains:
fields:
index: "apollo_conf"
————————————————
版权声明:本文为CSDN博主「吃胡萝卜的鳄鱼」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_37135484/article/details/105578451
目录 返回
首页