更改
This commit is contained in:
dxin
92
filebast/s1-lessie-server01/filebeat.yml
Normal file
92
filebast/s1-lessie-server01/filebeat.yml
Normal file
@@ -0,0 +1,92 @@
|
||||
# 配置索引模板名称和模式
|
||||
setup.template.name: "lessie-sit"
|
||||
setup.template.pattern: "lessie-sit*"
|
||||
setup.template.enabled: true
|
||||
setup.ilm.enabled: true
|
||||
|
||||
#主配置文件加载子配置文件
|
||||
filebeat.config.inputs:
|
||||
enabled: true
|
||||
path: /etc/filebeat/inputs.d/*.yml
|
||||
reload.enabled: true
|
||||
reload.period: 10s
|
||||
|
||||
|
||||
# 处理器
|
||||
processors:
|
||||
# lessie -------------------------
|
||||
|
||||
- dissect:
|
||||
when:
|
||||
equals:
|
||||
log_type: lessie_search.log
|
||||
tokenizer: '%{timestamp} - %{level} - %{module} - %{function} - %{message}'
|
||||
field: "message"
|
||||
target_prefix: "mylog"
|
||||
ignore_missing: true
|
||||
overwrite_keys: true
|
||||
|
||||
# 针对带有 [level: | event: | msg: | context:] 的日志,再做一次 dissect
|
||||
- dissect:
|
||||
when:
|
||||
regexp:
|
||||
mylog.message: '^\[level:.*\]'
|
||||
tokenizer: '[level: %{event_level} | event: %{event} | msg: %{msg} | context: %{context}]'
|
||||
field: "mylog.message"
|
||||
target_prefix: "mylog"
|
||||
ignore_missing: true
|
||||
overwrite_keys: true
|
||||
|
||||
# 把 context 再拆成独立字段
|
||||
- script:
|
||||
lang: javascript
|
||||
id: parse_context
|
||||
source: >
|
||||
function process(event) {
|
||||
var ctx = event.Get("mylog.context");
|
||||
if (ctx) {
|
||||
var parts = ctx.split(",");
|
||||
parts.forEach(function(p) {
|
||||
var kv = p.split(":");
|
||||
if (kv.length == 2) {
|
||||
event.Put("mylog." + kv[0].trim(), kv[1].trim());
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
# lessie ------------------------
|
||||
|
||||
- decode_json_fields:
|
||||
when:
|
||||
equals:
|
||||
log_type: go.log
|
||||
fields: ["message"]
|
||||
target: ""
|
||||
overwrite_keys: true
|
||||
add_error_key: true
|
||||
|
||||
|
||||
#输出
|
||||
output.elasticsearch:
|
||||
hosts: ["http://106.53.194.199:9200"]
|
||||
username: "admin"
|
||||
password: "123456"
|
||||
index: "%{[environment]}-%{[application]}-%{+yyyy.MM.dd}" # 按天分割索引
|
||||
bulk_max_size: 50 # 单批次传输最大文档数
|
||||
worker: 1 # 并行工作线程数
|
||||
timeout: 15s
|
||||
|
||||
# 日志记录
|
||||
logging.level: info
|
||||
logging.to_files: true
|
||||
logging.files:
|
||||
path: /var/log/filebeat
|
||||
name: filebeat.log
|
||||
keepfiles: 7
|
||||
permissions: 0644
|
||||
|
||||
# 设置队列和内存使用
|
||||
queue.mem:
|
||||
events: 1024
|
||||
flush.min_events: 512
|
||||
flush.timeout: 10s
|
||||
Reference in New Issue
Block a user