因业务需要,我们现有得服务器上一个节点上装了多个服务,前后端都有涉及,因此就需要用 filebeat 将这些日志收集起来生成不一样得索引,配置如下(仅供参考):
input:
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /var/log/nginx/*.log
fields:
log_type: "nginx"
json.key_under_root: true
json.overwite_keys: true
#- c:programdataelasticsearchlogs*
- type: log
enabled: true
paths:
- /var/log/elasticsearch/elasticsearch.log
fields:
log_type: "es"
multiline.pattern: '^s'
multiline.negate: true
multiline.match: after
- type: log
enabled: true
paths:
- /data/ruoyi/*.log
fields:
log_type: "ruoyi"
multiline.pattern: '^s'
multiline.negate: true
multiline.match: after
output:
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["192.168.53.21:9200","192.168.53.22:9200"]
index: "nginx-%{+yyyy.MM}"
indices:
- index: "es-log"
when.contains:
fields:
log_type: "es"
- index: "ruoyi-log"
when.contains:
fields:
log_type: "ruoyi"
解释一下大概就是按域或者说是字段区分,按照域创建不同得索引,output 中 hosts 下面得index 意思是除下面两个判断,其他得放在nginx索引中
