Work-configuration-file/filebast/海外241/filebeat.yml

setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "out-241-flymoonlog"
setup.template.pattern: "out-241-flymoonlog*"


#主配置文件加载子配置文件
filebeat.config.inputs:
  enabled: true
  path: /etc/filebeat/inputs.d/*.yml
  reload.enabled: true
  reload.period: 10s


# 处理器
processors:
  - dissect:
      when:
        equals:
          log_type: email-log
      tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
      overwrite_keys: true

### s2的lessie ####################################

  - dissect:
      when:
        equals:
          log_type: s2_lessie_search.log
      tokenizer: '%{timestamp} - %{level} - %{module} - %{function} - %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
      overwrite_keys: true

  # 针对带有 [level: | event: | msg: | context:] 的日志，再做一次 dissect
  - dissect:
      when:
        regexp:
          mylog.message: '^\[level:.*\]'
      tokenizer: '[level: %{event_level} | event: %{event} | msg: %{msg} | context: %{context}]'
      field: "mylog.message"
      target_prefix: "mylog"
      ignore_missing: true
      overwrite_keys: true

### s2的lessie ##################################


#输出
output.elasticsearch:
  hosts: ["http://106.53.194.199:9200"]
  username: "admin"
  password: "123456"
  index: "out-241-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}"  # 按月分割索引
  bulk_max_size: 50       # 单批次传输最大文档数
  worker: 1                # 并行工作线程数
  timeout: 15s


# 日志记录
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat.log
  keepfiles: 7
  permissions: 0644


# 设置队列和内存使用
queue.mem:
  events: 1024
  flush.min_events: 512
  flush.timeout: 10s
初始化提交 2025-10-07 15:58:15 +08:00			`setup.template.enabled: true`
			`setup.ilm.enabled: true`
			`setup.template.name: "out-241-flymoonlog"`
			`setup.template.pattern: "out-241-flymoonlog*"`



			`#主配置文件加载子配置文件`
			`filebeat.config.inputs:`
			`enabled: true`
			`path: /etc/filebeat/inputs.d/*.yml`
			`reload.enabled: true`
			`reload.period: 10s`



			`# 处理器`
			`processors:`
			`- dissect:`
			`when:`
			`equals:`
			`log_type: email-log`
			`tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'`
			`field: "message"`
			`target_prefix: "mylog"`
			`ignore_missing: true`
			`overwrite_keys: true`

			`### s2的lessie ####################################`

			`- dissect:`
			`when:`
			`equals:`
			`log_type: s2_lessie_search.log`
			`tokenizer: '%{timestamp} - %{level} - %{module} - %{function} - %{message}'`
			`field: "message"`
			`target_prefix: "mylog"`
			`ignore_missing: true`
			`overwrite_keys: true`

			`# 针对带有 [level: \| event: \| msg: \| context:] 的日志，再做一次 dissect`
			`- dissect:`
			`when:`
			`regexp:`
			`mylog.message: '^\[level:.*\]'`
			`tokenizer: '[level: %{event_level} \| event: %{event} \| msg: %{msg} \| context: %{context}]'`
			`field: "mylog.message"`
			`target_prefix: "mylog"`
			`ignore_missing: true`
			`overwrite_keys: true`

			`### s2的lessie ##################################`




			`#输出`
			`output.elasticsearch:`
			`hosts: ["http://106.53.194.199:9200"]`
			`username: "admin"`
			`password: "123456"`
			`index: "out-241-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引`
			`bulk_max_size: 50 # 单批次传输最大文档数`
			`worker: 1 # 并行工作线程数`
			`timeout: 15s`



			`# 日志记录`
			`logging.level: info`
			`logging.to_files: true`
			`logging.files:`
			`path: /var/log/filebeat`
			`name: filebeat.log`
			`keepfiles: 7`
			`permissions: 0644`



			`# 设置队列和内存使用`
			`queue.mem:`
			`events: 1024`
			`flush.min_events: 512`
			`flush.timeout: 10s`