[root@node2 filebeat]#grep "^s*[^# t].*$" /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/long_text_2021-12-13-14-59-09.txt
fields_under_root: true
- type: log
enabled: true
paths:
- /var/log/messages
fields_under_root: true
- type: log
enabled: true
paths:
- /tmp/yum.log
exclude_lines: ['^$']
fields_under_root: true
ignore_older: 24 #可以指定filebeat忽略指定时间段以外修改的日志内容
close_inactive: 5m #
scan_frequency: 1s #filebeat以多快的频率去检测文件更新
clean_inactive: 72h
backoff: 1s #filebeat检测到某个文件到了eof之后,每次等待多久再去检测更新
max_backoff: 10s #f
multiline.type: pattern
multiline.pattern: ^[
multiline.negate: true
multiline.match: after
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: true
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
host: "127.0.0.1:5601"
output.elasticsearch:
hosts: ["127.0.0.1:9200"]
indices:
- index: "javalog-%{+yyyy.MM.dd}"
when.contains:
- index: "message_%{+YYYY.MM.dd}"
when.contains:
- index: "yum_%{+YYYY.MM.dd}"
when.contains:
setup.template.name: "javalog"
setup.template.pattern: "javalog-*"
setup.template.enabled: false
setup.ilm.enabled: false
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
