因業務需要，我們現有得伺服器上一個節點上裝了多個服務，前後端都有涉及，因此就需要用 filebeat 將這些日誌收集起來生成不一樣得索引，配置如下（僅供參考）：

input:

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to 
 
true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/nginx/*.log
  fields:
    log_type: "nginx"

  json.key_under_root: true
  json.overwite_keys: true
    #- c:\programdata\elasticsearch\logs\*
- type: log
  enabled: true
  paths:
    - /var/log/elasticsearch/elasticsearch.log
  fields:
    log_type: "es"

  multiline.pattern: ^\[
  multiline.negate: true
  multiline.match: after

- type: log
  enabled: true
  paths:
    - /data/ruoyi/*.log
  fields:
    log_type: "ruoyi"

  multiline.pattern: ^\[
  multiline.negate: true
  multiline.match: after
 

output:

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.53.21:9200","192.168.53.22:9200"]
  index: "nginx-%{+yyyy.MM}"
  indices:
    - index: "es-log"
      when.contains:
        fields:
          log_type: "es"
    - index: "ruoyi-log"
      when.contains:
        fields:
          log_type: 
 
"ruoyi"

解釋一下大概就是按域或者說是欄位區分，按照域建立不同得索引，output 中 hosts 下面得index 意思是除下面兩個判斷，其他得放在nginx索引中