dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
01223479088b2a1db8d8cb126aafe391cd32d7a6
Work-configuration-file/filebast/test/filebeat.yml

110 lines
3.4 KiB
YAML
Raw Normal View History

初始化提交
2025-10-07 15:58:15 +08:00
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "test-flymoonlog"
setup.template.pattern: "test-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- dissect:
when:
equals:
log_type: sys-info
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
field: "message"
target_prefix: "parsed_sys_info"
ignore_missing: true
overwrite_keys: false
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index" ]
# - dissect:
# when:
# equals:
# log_type: sys-error
# tokenizer: '%{timestamp} [%{thread}] %{log_level} %{logger} - [%{method},%{line}] - %{message}'
# field: "message"
# target_prefix: "parsed_sys_error"
# # - include_fields:
# # fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.logger" ]
# - dissect:
# when:
# equals:
# log_type: sys-user
# tokenizer: '%{timestamp} [%{thread}] %{log_level} %{module} - [%{method},%{line}] - %{message}'
# field: "message"
# target_prefix: "parsed_sys_user"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
# - dissect:
# when:
# equals:
# log_type: email_nohup.out
# tokenizer: '%{timestamp} %{log.level} %{pid} --- [%{thread}] %{class} : %{message}'
# patterns:
# timestamp: "%{YEAR}-%{MONTH}-%{DAY} %{HOUR}:%{MINUTE}:%{SECOND}%.%{MILLISECOND}"
# log.level: "(INFO|DEBUG|WARN|ERROR|TRACE)"
# pid: "%{NUMBER}"
# thread: "%{DATA}"
# class: "%{DATA}"
# message: "%{GREEDYDATA}"
# field: "message"
# target_prefix: "parsed_sys_nohup"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
#输出
output.elasticsearch:
hosts: ["http://192.168.70.16:9200"]
username: "admin"
password: "123456"
index: "test-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 60s
Reference in New Issue Copy Permalink