filebeat收集多日誌
阿新 • • 發佈:2020-08-22
1.收集多日誌到ES
1)方式一:
[root@web01 ~]# vim /etc/filebeat/filebeat.yml filebeat.inputs: - type: log enable: true paths: - /var/log/nginx/access.log json.keys_under_root: true json.overwrite_keys: true - type: log enable: true paths: - /var/log/messages output.elasticsearch: hosts: ["10.0.0.51:9200"] indices: - index: "nginx_%{+YYYY-MM-dd}" when.contains: source: "/var/log/nginx/access.log" - index: "message_%{+YYYY-MM-dd}" when.contains: source: "/var/log/messages" setup.template.enabled: false setup.template.name: "nginx" setup.template.pattern: "nginx-*"
2)方式二:
[root@web01 ~]# vim /etc/filebeat/filebeat.yml filebeat.inputs: - type: log enable: true paths: - /var/log/nginx/access.log json.keys_under_root: true json.overwrite_keys: true tags: ["nginx"] - type: log enable: true paths: - /var/log/messages tags: ["messages"] output.elasticsearch: hosts: ["10.0.0.51:9200"] indices: - index: "nginx_%{+YYYY-MM-dd}" when.contains: tags: "nginx" - index: "message_%{+YYYY-MM-dd}" when.contains: tags: "messages" setup.template.enabled: false setup.template.name: "nginx" setup.template.pattern: "nginx-*"