filebeat多个input写入不同的ES索引-白眉大叔

filebeat多个input写入不同的ES索引

 cat config/10-log-to-es.yaml

内容如下：

filebeat.inputs:
- type: log
  paths: ["/tmp/apps.log"]
  tags: "apps"

- type: log
  paths: ["/tmp/hobby.json"]
  tags: "json"

output.elasticsearch:
  hosts: 
  - "http://10.0.0.101:19200"
  - "http://10.0.0.102:19200"
  - "http://10.0.0.103:19200"
  # index: "baimei-filebeat-tomcat-access-%{+yyyy.MM.dd}"    
  indices:
    - index: "baimei-filebeat-indices-json-%{+yyyy.MM.dd}"
      when.contains:
        tags: "json"
    - index: "baimei-filebeat-indices-apps-%{+yyyy.MM.dd}"
      when.contains:
        tags: "apps"

setup.ilm.enabled: false
setup.template.name: "baimei-filebeat-indices"
setup.template.pattern: "baimei-filebeat-indices*"
setup.template.overwrite: true
setup.template.settings:
  index.number_of_shards: 10
  index.number_of_replicas: 0

补充：

# 禁用索引生命周期管理
setup.ilm.enabled: false
# 设置索引模板的名称
setup.template.name: "baimeidashuedu-linux"
# 设置索引模板的匹配模式 
setup.template.pattern: "baimeidashuedu-linux*"

案例2：

filebeat.inputs:
- type: log
  paths: ["/baimei/softwares/tomcat/logs/localhost_access_log*.txt"]
  processors:
  - decode_json_fields:
      fields: ["message"]
      target: ""
  - add_fields:
      target: ""
      fields:
        apps: tomcat

- type: log
  paths: ["/tmp/app.log"]
  processors:
  - add_fields:
      target: ""
      fields:
        apps: generate

output.logstash:
  hosts: ["10.0.0.113:8888"]

欢迎来撩：汇总all

关于白眉大叔linux云计算: 白眉大叔

相关文章

logstash 解析nginx日志

kibana 图形化展示案例（实战入门）

kibana 展示 nginx 接口访问量

热门文章

1解决node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20′ not found (required by node)

2docker 使用gpu资源

3k8s 安装Milvus分布式2.0x

4pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available

5云原生基础-汇总