记录日常工作关于系统运维,虚拟化云计算,数据库,网络安全等各方面问题。

filebeat采集一台服务器中的不同日志,并将日志放到ES中的不同索引中




filebeat.inputs:

- type: log

  enabled: true

  paths:

    - /usr/local/tomcat/apache-tomcat-8.5.53/logs/catalina.out

  tags: ["tomcat"]

  fields:

    index: "tomcat"


- type: log

  enabled: true

  paths:

    - /usr/local/apollo/apollo-adminservice.log

  tags: ["apollo-adminservice"]

  fields:

    index: "apollo_admin"

- type: log

  enabled: true

  paths:

    - /usr/local/apollo/apollo-configservice.log

  tags: ["apollo-configservice"]

  fields:

    index: "apollo_conf"



output.elasticsearch: #指定ES的配置

  hosts: ["192.168.20.248:9200"]

  indices:

    - index: "filebeat-java-1-tomcat-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "tomcat"

    - index: "filebeat-java-1-apollo-admin-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "apollo_admin"

    - index: "filebeat-java-1-apollo-conf-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "apollo_conf"

 



如下:

filebeat.inputs:

- type: log

  enabled: true

  paths:

    - /usr/local/tomcat/apache-tomcat-8.5.53/logs/catalina.out

  tags: ["tomcat"]

  fields:

    index: "tomcat"


- type: log

  enabled: true

  paths:

    - /usr/local/apollo/apollo-adminservice.log

  tags: ["apollo-adminservice"]

  fields:

    index: "apollo_admin"

- type: log

  enabled: true

  paths:

    - /usr/local/apollo/apollo-configservice.log

  tags: ["apollo-configservice"]

  fields:

    index: "apollo_conf"



output.elasticsearch: #指定ES的配置

  hosts: ["192.168.20.248:9200"]

  indices:

    - index: "filebeat-java-1-tomcat-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "tomcat"

    - index: "filebeat-java-1-apollo-admin-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "apollo_admin"

    - index: "filebeat-java-1-apollo-conf-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "apollo_conf"

————————————————

 

如下实例。



[root@92cto-com ~]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
 - type: log
   enabled: true
   paths:
     - /var/log/secure
   include_lines: ['sshd', 'sudo']
   tags:
     ["secure-log"]
   fields:
     index: "ssh"


 - type: log
   enabled: true
   paths:
     - /www/wwwlogs/yjvps.com-ssl_access_log
#   include_lines: ['sshd', 'sudo']
   tags:
     ["httpd-log"]
   fields:
     index: "httpd"


setup.template.settings:
  index.number_of_shards: 1


# output.console:
# pretty: true
# enable: true


output.elasticsearch: #指定ES的配置
  hosts: ["127.0.0.1"]
  username: "elastic"
  password: "123456"
  indices:
    - index: "filebeat-ssh-%{+YYYY-MM}"
      when.contains:
        fields:
          index: "ssh"
    - index: "filebeat-httpd-%{+YYYY-MM}"
      when.contains:
        fields:
          index: "httpd"

filebeat.inputs:

- type: log

  enabled: true

  paths:

   ?- /usr/local/tomcat/apache-tomcat-8.5.53/logs/catalina.out

  tags: ["tomcat"]

  fields:

    index: "tomcat"


- type: log

  enabled: true

  paths:

    - /usr/local/apollo/apollo-adminservice.log

  tags: ["apollo-adminservice"]

  fields:

    index: "apollo_admin"

- type: log

  enabled: true

  paths:

    - /usr/local/apollo/apollo-configservice.log

  tags: ["apollo-configservice"]

  fields:

    index: "apollo_conf"



output.elasticsearch: #指定ES的配置

  hosts: ["192.168.20.248:9200"]

  indices:

    - index: "filebeat-java-1-tomcat-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "tomcat"

    - index: "filebeat-java-1-apollo-admin-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "apollo_admin"

    - index: "filebeat-java-1-apollo-conf-%{+YYYY-MM}"

      when.contains:

        fields:

          index: "apollo_conf"

————————————————

版权声明:本文为CSDN博主「吃胡萝卜的鳄鱼」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。

原文链接:https://blog.csdn.net/qq_37135484/article/details/105578451




转载请标明出处【filebeat采集一台服务器中的不同日志,并将日志放到ES中的不同索引中】。

《www.92cto.com》 虚拟化云计算,系统运维,安全技术服务.

网站已经关闭评论