更改filebast

2025-12-11 11:11:16 +08:00
parent 8288aad918
commit 7ad9956c5d
11 changed files with 269 additions and 16 deletions
--- a/filebast/us-prod-02/filebeat.yml
+++ b/filebast/us-prod-02/filebeat.yml
@@ -27,7 +27,7 @@ processors:
      when:
        equals:
          log_type: email.log
-      tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
+      tokenizer: '%{timestamp} %{level} %{pid} --- \\[%{thread}\\] %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
@@ -37,7 +37,7 @@ processors:
      when:
        equals:
          log_type: agent.log
-      tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
+      tokenizer: '%{date} %{time} %{level}  %{pid} --- [%{thread}] %{class->} : [%{app}] %{message}'
      field: "message"
      target_prefix: "mylog"
      ignore_missing: true
@@ -45,6 +45,7 @@ processors:



+
 #输出
 output.elasticsearch:
  hosts: ["http://106.53.194.199:9200"]
--- a/filebast/us-prod-02/flymoon-agent.yml
+++ b/filebast/us-prod-02/flymoon-agent.yml
@@ -9,7 +9,7 @@
    environment: us-pord    # 自定义字段，标识机器环境名称
    instance: us-prod-02  # 自定义字段，标识机器名称
  fields_under_root: true
-  multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
+  multiline.pattern: '^\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}\.\d{3}'
  multiline.negate: true
  multiline.match: after
  ignore_older: 24h   # 忽略旧日志文件（避免处理已归档的日志）
--- a/filebast/us-prod-02/flymoon-email.yml
+++ b/filebast/us-prod-02/flymoon-email.yml
@@ -20,4 +20,3 @@
  start_position: beginning   # 从文件的开头读取
 

-
				`@@ -20,4 +20,3 @@`
				`start_position: beginning # 从文件的开头读取`