dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更改

Browse Source
This commit is contained in:
dxin
2025-10-16 18:06:07 +08:00
parent 82a4aa0e14
commit 22fdb86b41
18 changed files with 416 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
filebast/s2s3-lessie-server01/filebeat.yml Normal file
View File

@@ -0,0 +1,104 @@
# 配置索引模板名称和模式
setup.template.name: "lessie-sit"
setup.template.pattern: "lessie-sit*"
setup.template.enabled: true
setup.ilm.enabled: true
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- dissect:
when:
equals:
log_type: email-log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# lessie -------------------------
- dissect:
when:
equals:
log_type: lessie_search.log
tokenizer: '%{timestamp} - %{level} - %{module} - %{function} - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 针对带有 [level: | event: | msg: | context:] 的日志,再做一次 dissect
- dissect:
when:
regexp:
mylog.message: '^\[level:.*\]'
tokenizer: '[level: %{event_level} | event: %{event} | msg: %{msg} | context: %{context}]'
field: "mylog.message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 把 context 再拆成独立字段
- script:
lang: javascript
id: parse_context
source: >
function process(event) {
var ctx = event.Get("mylog.context");
if (ctx) {
var parts = ctx.split(",");
parts.forEach(function(p) {
var kv = p.split(":");
if (kv.length == 2) {
event.Put("mylog." + kv[0].trim(), kv[1].trim());
}
});
}
}
# lessie ------------------------
- decode_json_fields:
when:
equals:
log_type: go.log
fields: ["message"]
target: ""
overwrite_keys: true
add_error_key: true
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "%{[environment]}-%{[application]}-%{+yyyy.MM.dd}" # 按天分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

25
filebast/s2s3-lessie-server01/s2_go_lessie_sourcing_api.yml Normal file
View File

@@ -0,0 +1,25 @@
- type: log
id: s2_go_lessie_sourcing_api
enabled: true
paths:
- /data/webapps/go_lessie_sourcing_api/logs/*.log
follow_symlinks: true
harvester_limit: 1
fields:
application: go-lessie-sourcing_api # 自定义字段,标识应用名称
log_type: go.log # 自定义字段,标识日志类型
environment: s2 # 自定义字段,标识机器环境名称
instance: webdrive-server # 自定义字段,标识机器名称
fields_under_root: true
# multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
# multiline.negate: true
# multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

24
filebast/s2s3-lessie-server01/s2_lessie_search.yml Normal file
View File

@@ -0,0 +1,24 @@
- type: log
id: s2_lessie_search
enabled: true
paths:
- /data/webapps/lessie_sourcing_agents/logs/lessie_sourcing_agents_*.log
include_lines: ['^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'] # 只包含匹配该正则表达式的行
fields:
application: lessie_search
log_type: lessie_search.log
environment: s2
instance: webdrive-server
ip: 43.159.145.241
fields_under_root: true
# multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
# multiline.negate: true
# multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

25
filebast/s2s3-lessie-server01/s3_go_lessie_sourcing_api.yml Normal file
View File

@@ -0,0 +1,25 @@
- type: log
id: s3_go_lessie_sourcing_api
enabled: true
paths:
- /data/webapps/s3_go_lessie_sourcing_api/logs/*.log
follow_symlinks: true
harvester_limit: 1
fields:
application: go-lessie-sourcing_api # 自定义字段,标识应用名称
log_type: go.log # 自定义字段,标识日志类型
environment: s3 # 自定义字段,标识机器环境名称
instance: webdrive-server # 自定义字段,标识机器名称
fields_under_root: true
# multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
# multiline.negate: true
# multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

25
filebast/s2s3-lessie-server01/s3_lessie_search.yml Normal file
View File

@@ -0,0 +1,25 @@
- type: log
id: s3_lessie_search
enabled: true
paths:
- /data/webapps/qmm_sourcing_agents/logs/lessie_sourcing_agents_*.log
include_lines: ['^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'] # 只包含匹配该正则表达式的行
fields:
application: lessie_search
log_type: lessie_search.log
environment: s3
instance: webdrive-server
ip: 43.159.145.241
fields_under_root: true
# multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
# multiline.negate: true
# multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取