filebeat多个input写入不同的ES索引

filebeat多个input写入不同的ES索引

 cat config/10-log-to-es.yaml 

内容如下：

filebeat.inputs:
- type: log
  paths: ["/tmp/apps.log"]
  tags: "apps"

- type: log
  paths: ["/tmp/hobby.json"]
  tags: "json"

output.elasticsearch:
  hosts: 
  - "http://10.0.0.101:19200"
  - "http://10.0.0.102:19200"
  - "http://10.0.0.103:19200"
  # index: "baimei-filebeat-tomcat-access-%{+yyyy.MM.dd}"    
  indices:
    - index: "baimei-filebeat-indices-json-%{+yyyy.MM.dd}"
      when.contains:
        tags: "json"
    - index: "baimei-filebeat-indices-apps-%{+yyyy.MM.dd}"
      when.contains:
        tags: "apps"

setup.ilm.enabled: false
setup.template.name: "baimei-filebeat-indices"
setup.template.pattern: "baimei-filebeat-indices*"
setup.template.overwrite: true
setup.template.settings:
  index.number_of_shards: 10
  index.number_of_replicas: 0

补充：

# 禁用索引生命周期管理
setup.ilm.enabled: false
# 设置索引模板的名称
setup.template.name: "baimeidashuedu-linux"
# 设置索引模板的匹配模式 
setup.template.pattern: "baimeidashuedu-linux*"

案例2：

filebeat.inputs:
- type: log
  paths: ["/baimei/softwares/tomcat/logs/localhost_access_log*.txt"]
  processors:
  - decode_json_fields:
      fields: ["message"]
      target: ""
  - add_fields:
      target: ""
      fields:
        apps: tomcat

- type: log
  paths: ["/tmp/app.log"]
  processors:
  - add_fields:
      target: ""
      fields:
        apps: generate

output.logstash:
  hosts: ["10.0.0.113:8888"]

欢迎来撩 ： 汇总all