2026-01-27同步
This commit is contained in:
19
filebast/s1-lessie-server01/s4_lessie_search.yml
Normal file
19
filebast/s1-lessie-server01/s4_lessie_search.yml
Normal file
@@ -0,0 +1,19 @@
|
||||
- type: log
|
||||
id: s4_lessie_search
|
||||
enabled: true
|
||||
paths:
|
||||
- /data/webapps/lessie_sourcing_agents_s4/logs/lessie_sourcing_agents*.log
|
||||
include_lines: ['^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'] # 只包含匹配该正则表达式的行
|
||||
fields:
|
||||
application: lessie-search
|
||||
log_type: lessie_search.log
|
||||
environment: s4
|
||||
instance: weblessie-server-01
|
||||
ip: 43.130.56.138
|
||||
fields_under_root: true
|
||||
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
scan_frequency: 10s # 定期扫描新文件的频率
|
||||
clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
close_renamed: true # 处理被重命名的文件
|
||||
start_position: beginning # 从文件的开头读取
|
||||
@@ -1,6 +1,6 @@
|
||||
# 配置索引模板名称和模式
|
||||
setup.template.name: "us-prod-03"
|
||||
setup.template.pattern: "us-prod-03*"
|
||||
setup.template.name: "us-prod"
|
||||
setup.template.pattern: "us-prod*"
|
||||
setup.template.enabled: true
|
||||
setup.ilm.enabled: true
|
||||
|
||||
@@ -22,6 +22,15 @@ processors:
|
||||
overwrite_keys: true
|
||||
add_error_key: true
|
||||
|
||||
- decode_json_fields:
|
||||
when:
|
||||
equals:
|
||||
log_type: lessie-email.log
|
||||
fields: ["message"]
|
||||
target: ""
|
||||
overwrite_keys: true
|
||||
add_error_key: true
|
||||
|
||||
- dissect:
|
||||
when:
|
||||
equals:
|
||||
@@ -32,8 +41,6 @@ processors:
|
||||
ignore_missing: true
|
||||
overwrite_keys: true
|
||||
|
||||
|
||||
|
||||
- dissect:
|
||||
when:
|
||||
equals:
|
||||
@@ -49,10 +56,10 @@ processors:
|
||||
|
||||
#输出
|
||||
output.elasticsearch:
|
||||
hosts: ["http://106.53.194.199:9200"]
|
||||
hosts: ["http://106.53.194.199:9201"]
|
||||
username: "admin"
|
||||
password: "123456"
|
||||
index: "%{[environment]}-%{[application]}-%{+yyyy.MM.dd}" # 按天分割索引
|
||||
index: "%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月割索引
|
||||
bulk_max_size: 50 # 单批次传输最大文档数
|
||||
worker: 1 # 并行工作线程数
|
||||
timeout: 15s
|
||||
|
||||
20
filebast/us-prod-03/lessie-email.yml
Normal file
20
filebast/us-prod-03/lessie-email.yml
Normal file
@@ -0,0 +1,20 @@
|
||||
- type: log
|
||||
id: us_pord_03_lessie-email
|
||||
enabled: true
|
||||
paths:
|
||||
- /data/webapps/lessie-email/logs/lessie_email.log
|
||||
fields:
|
||||
application: lessie-email # 自定义字段,标识应用名称
|
||||
log_type: lessie-email.log # 自定义字段,标识日志类型
|
||||
environment: us-pord # 自定义字段,标识机器环境名称
|
||||
instance: us-prod-03 # 自定义字段,标识机器名称
|
||||
fields_under_root: true
|
||||
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
|
||||
scan_frequency: 10s # 定期扫描新文件的频率
|
||||
clean_inactive: 25h # 清除超过一天未更新的文件
|
||||
close_inactive: 5m # 文件超过5分钟无更新则关闭
|
||||
close_renamed: true # 处理被重命名的文件
|
||||
start_position: beginning # 从文件的开头读取
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user