初始化提交

filebast/admin子配置文件.yaml

@@ -0,0 +1,29 @@
+filebeat.inputs:
+  - type: log
+    enabled: true
+    paths:
+      - /root/logs/sys-info*.log
+      - /root/logs/sys-error*.log
+      - /root/logs/sys-user*.log
+    fields:
+      application: my_app  # 自定义字段，标识应用名称
+    fields_under_root: true
+    multiline.pattern: '^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}' # 根据你的日志格式调整
+    multiline.negate: true
+    multiline.match: after
+    ignore_older: 24h
+    scan_frequency: 10s
+    clean_inactive: 25h
+    close_inactive: 5m
+    close_renamed: true
+    start_position: beginning
+
+processors:
+  - drop_fields:
+      fields: ["agent", "ecs", "host.architecture", "host.os.*", "input.type", "log.offset", "tags"]
+  - include_fields:
+      fields: ["@timestamp", "message", "application", "host.ip", "host.name", "log.file.path"]
+
+output.elasticsearch:
+  hosts: ["http://<elasticsearch_host>:9200"]
+  index: "my_app-${+yyyy.MM.dd}"  # 按天分割的索引