dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

初始化提交

Browse Source
This commit is contained in:
dxin
2025-10-13 11:05:51 +08:00
commit ab171d45bb
301 changed files with 59788 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
filebast/admin子配置文件.yaml Normal file
View File

@@ -0,0 +1,29 @@
filebeat.inputs:
- type: log
enabled: true
paths:
- /root/logs/sys-info*.log
- /root/logs/sys-error*.log
- /root/logs/sys-user*.log
fields:
application: my_app # 自定义字段,标识应用名称
fields_under_root: true
multiline.pattern: '^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}' # 根据你的日志格式调整
multiline.negate: true
multiline.match: after
ignore_older: 24h
scan_frequency: 10s
clean_inactive: 25h
close_inactive: 5m
close_renamed: true
start_position: beginning
processors:
- drop_fields:
fields: ["agent", "ecs", "host.architecture", "host.os.*", "input.type", "log.offset", "tags"]
- include_fields:
fields: ["@timestamp", "message", "application", "host.ip", "host.name", "log.file.path"]
output.elasticsearch:
hosts: ["http://<elasticsearch_host>:9200"]
index: "my_app-${+yyyy.MM.dd}" # 按天分割的索引

110
filebast/pord01/filebeat.yml Normal file
View File

@@ -0,0 +1,110 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "pord01-flymoonlog"
setup.template.pattern: "pord01-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- dissect:
when:
equals:
log_type: sys-info
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
field: "message"
target_prefix: "parsed_sys_info"
ignore_missing: true
overwrite_keys: false
- dissect:
when:
equals:
log_type: email-log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
- dissect:
when:
equals:
log_type: admin-log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
- dissect:
when:
equals:
log_type: agent-log
tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
- dissect:
when:
equals:
log_type: payment-log
tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
- dissect:
when:
equals:
log_type: payment-log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
#输出
output.elasticsearch:
hosts: ["http://192.168.70.16:9200"]
username: "admin"
password: "123456"
index: "pord01-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

22
filebast/pord01/fly-moon-agent.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: pord01_fly-moon-agent
enabled: true
paths:
- /root/logs/flymoon-agent/sys-info.log
fields:
application: flymoon-agent # 自定义字段,标识应用名称
log_type: agent-log # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

22
filebast/pord01/fly-moon-email_v2.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: input_pord01_fly-moon-email_v2-nohup
enabled: true
paths:
- /root/logs/flymoon-email/sys-info.log
fields:
application: fly-moon-email_v2 # 自定义字段,标识应用名称
log_type: email-log # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

19
filebast/pord01/fly_moon_crawlSpider.yml Normal file
View File

@@ -0,0 +1,19 @@
- type: filestream
id: input_pord01_flymoon_crawlSpider_sys-info
enabled: true
paths:
- /root/logs/fly_moon_crawlSpider/sys-info.log
fields:
application: flymoon_crawlSpider # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

19
filebast/pord01/flymoon-admin.yml Normal file
View File

@@ -0,0 +1,19 @@
- type: log
id: input_pord01_flymoon-admin_sys-info
enabled: true
paths:
- /root/logs/flymoon-admin/sys-info.log
fields:
application: flymoon-admin # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

72
filebast/pord01/flymoon-partner.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: filestream
id: input_pord01_flymoon-partner_sys-info
enabled: true
paths:
- /root/logs/flymoon-partner/sys-info.log
fields:
application: flymoon-partner # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

20
filebast/pord01/flymoon-payment.yml Normal file
View File

@@ -0,0 +1,20 @@
- type: log
id: input_pord01_flymoon-payment_sys-info
enabled: true
paths:
- /root/logs/flymoon-payment/sys-info.log
fields:
application: flymoon-payment # 自定义字段,标识应用名称
log_type: payment-log # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

72
filebast/pord01/flymoon-sse.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: filestream
id: input_pord01_flymoon-sse_sys-info
enabled: true
paths:
- /root/logs/flymoon-sse/sys-info.log
fields:
application: flymoon-sse # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

73
filebast/pord01/flymoon-task.yml Normal file
View File

@@ -0,0 +1,73 @@
- type: filestream
id: input_pord01_flymoon-task_sys-info
enabled: true
paths:
- /root/logs/flymoon-task/sys-info.log
fields:
application: flymoon-task # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{2}:\d{2} \[[\w-]+\]' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
encoding: utf-8 # 添加日志文件编码
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

83
filebast/prod的filebeat.yml Normal file
View File

@@ -0,0 +1,83 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "fly-moon-email_v2_logs"
setup.template.pattern: "fly-moon-email_v2_logs*"
filebeat.inputs:
- type: filestream
id: fly-moon-email_v2_logs
enabled: true
paths:
- /data/webapps/fly_moon_email_v2/nohup.out
# 从文件末尾开始读取
tail_files: true
start_position: end # 从文件末尾开始读取
# 扫描新日志文件的频率
scan_frequency: 10s
# 防止 Filebeat 过早关闭文件句柄
close_inactive: 15m
# 忽略超过指定时间未更新的日志文件
ignore_older: 24h
# 清理超过指定时间未使用的状态
clean_inactive: 48h
parsers:
- multiline:
type: pattern
pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
negate: true
match: after
# 输出到 Elasticsearch
output.elasticsearch:
hosts: ["http://192.168.60.21:9200"]
username: "elastic"
password: "Elastic_123456"
index: "fly-moon-email_v2_logs-%{+yyyy.MM.dd}"
bulk_max_size: 1024 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
# 处理器(数据增强)
processors:
- add_host_metadata: ~ # 添加主机元数据
- add_cloud_metadata: ~ # 添加云环境元数据(如果在云上)
- add_docker_metadata: ~ # 添加 Docker 元数据(如果在 Docker 中)
- add_fields:
target: ""
fields:
environment: "production"
application: "fly-moon-email_v2"
- drop_fields:
fields: ["agent", "ecs"] # 删除不必要的字段,减少存储开销
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 5s

78
filebast/sit/filebeat.yml Normal file
View File

@@ -0,0 +1,78 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "sit-flymoonlog"
setup.template.pattern: "sit-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
#处理器
processors:
- dissect:
when:
equals:
log_type: sys-info
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{class_name} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "parsed_sys_info"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index" ]
- dissect:
when:
equals:
log_type: sys-error
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{logger} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "parsed_sys_error"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.logger" ]
- dissect:
when:
equals:
log_type: sys-user
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{module} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "parsed_sys_user"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
#输出
output.elasticsearch:
hosts: ["http://192.168.60.21:9200"]
username: "admin"
password: "123456"
index: "sit-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 60s

22
filebast/sit/fly-moon-payment.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: pord01_fly-moon-agent
enabled: true
paths:
- /root/logs/flymoon-agent/sys-info.log
fields:
application: flymoon-agent # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: pord01 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

72
filebast/sit/flymoon-admin.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: filestream
id: input_sit_flymoon-admin_sys-info
enabled: true
paths:
- /root/logs/flymoon-admin/sys-info.log
fields:
application: flymoon-admin # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: sit # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

72
filebast/sit/flymoon-partner.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: filestream
id: input_sit_flymoon-partner_sys-info
enabled: true
paths:
- /root/logs/flymoon-partner/sys-info.log
fields:
application: flymoon-partner # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: sit # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

72
filebast/sit/flymoon-task.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: filestream
id: input_sit_flymoon-task_sys-info
enabled: true
paths:
- /root/logs/flymoon-task/sys-info.log
fields:
application: flymoon-task # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: sit # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

110
filebast/test/filebeat.yml Normal file
View File

@@ -0,0 +1,110 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "test-flymoonlog"
setup.template.pattern: "test-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- dissect:
when:
equals:
log_type: sys-info
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
field: "message"
target_prefix: "parsed_sys_info"
ignore_missing: true
overwrite_keys: false
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index" ]
# - dissect:
# when:
# equals:
# log_type: sys-error
# tokenizer: '%{timestamp} [%{thread}] %{log_level} %{logger} - [%{method},%{line}] - %{message}'
# field: "message"
# target_prefix: "parsed_sys_error"
# # - include_fields:
# # fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.logger" ]
# - dissect:
# when:
# equals:
# log_type: sys-user
# tokenizer: '%{timestamp} [%{thread}] %{log_level} %{module} - [%{method},%{line}] - %{message}'
# field: "message"
# target_prefix: "parsed_sys_user"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
# - dissect:
# when:
# equals:
# log_type: email_nohup.out
# tokenizer: '%{timestamp} %{log.level} %{pid} --- [%{thread}] %{class} : %{message}'
# patterns:
# timestamp: "%{YEAR}-%{MONTH}-%{DAY} %{HOUR}:%{MINUTE}:%{SECOND}%.%{MILLISECOND}"
# log.level: "(INFO|DEBUG|WARN|ERROR|TRACE)"
# pid: "%{NUMBER}"
# thread: "%{DATA}"
# class: "%{DATA}"
# message: "%{GREEDYDATA}"
# field: "message"
# target_prefix: "parsed_sys_nohup"
# - include_fields:
# fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
#输出
output.elasticsearch:
hosts: ["http://192.168.70.16:9200"]
username: "admin"
password: "123456"
index: "test-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 60s

21
filebast/test/fly-moon-email_v2.yml Normal file
View File

@@ -0,0 +1,21 @@
- type: log
id: input_test_fly-moon-email_v2-nohup
enabled: true
paths:
- /root/logs/flymoon-email-v2/sys-info.log
fields:
application: fly-moon-email_v2 # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

20
filebast/test/fly_moon_crawlSpider.yml Normal file
View File

@@ -0,0 +1,20 @@
- type: log
id: input_test_flymoon_crawlSpider_sys-info
enabled: true
paths:
- /root/logs/fly_moon_crawlSpider/sys-info.log
fields:
application: flymoon_crawlSpider # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

72
filebast/test/flymoon-admin.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: log
id: input_test_flymoon-admin_sys-info
enabled: true
paths:
- /root/logs/flymoon-admin/sys-info.log
fields:
application: flymoon-admin # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

22
filebast/test/flymoon-jenniefy.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: test_flymoon-jenniefy_sys-info
enabled: true
paths:
- /root/logs/flymoon-jenniefy/sys-info.log
fields:
application: flymoon-jenniefy # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3} \[[\w-]+\]' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after # 将不匹配模式的行添加到前一个匹配模式的行之后,直到遇到新的匹配行
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

72
filebast/test/flymoon-partner.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: log
id: input_test_flymoon-partner_sys-info
enabled: true
paths:
- /root/logs/flymoon-partner/sys-info.log
fields:
application: flymoon-partner # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

72
filebast/test/flymoon-sse.yml Normal file
View File

@@ -0,0 +1,72 @@
- type: log
id: input_test_flymoon-sse_sys-info
enabled: true
paths:
- /root/logs/flymoon-sse/sys-info.log
fields:
application: flymoon-sse # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-error
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-error.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-error # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对error的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
# - type: filestream
# id: input_sit_flymoon-admin_sys-user
# enabled: true
# paths:
# - /root/logs/flymoon-admin/sys-user.log
# fields:
# application: flymoon-admin # 自定义字段,标识应用名称
# log_type: sys-user # 自定义字段,标识日志类型
# environment: sit # 自定义字段,标识机器环境名称
# fields_under_root: true
# multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对user的日志格式
# multiline.negate: true
# multiline.match: after
# ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
# scan_frequency: 10s # 定期扫描新文件的频率
# clean_inactive: 25h # 清除超过一天未更新的文件
# close_inactive: 5m # 文件超过5分钟无更新则关闭
# close_renamed: true # 处理被重命名的文件
# start_position: beginning # 从文件的开头读取
#设置索引模版
# setup.template.name: "sit-flymoon-admin"
# setup.template.pattern: "sit-flymoon-admin*"
# output.elasticsearch:
# hosts: ["http://192.168.60.21:9200"]
# username: "admin"
# password: "123456"
# index: "sit-flymoon-admin-%{+yyyy.MM}" # 按月分割索引

25
filebast/test/flymoon-task.yml Normal file
View File

@@ -0,0 +1,25 @@
- type: log
id: input_test_flymoon-task_sys-info
enabled: true
paths:
- /root/logs/flymoon-task/sys-info.log
fields:
application: flymoon-task # 自定义字段,标识应用名称
log_type: sys-info # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3} \[[\w-]+\]' # 针对info的日志格式多行
multiline.negate: true
#multiline.flush_pattern: '^\d{2}:\d{2}:\d{2}\.\d{3} \[[\w-]+\]' # 当遇到新的时间戳和线程名开头的行时,将已合并的多行日志作为一个事件发送出去
multiline.match: after # 将不匹配模式的行添加到前一个匹配模式的行之后,直到遇到新的匹配行
# multiline.max_lines: 1000 # 合并多行日志的最大行数
# multiline.timeout: 20s # 等待后续行的超时时间,如果超过 10 秒没有新行添加,则将已合并的多行日志作为一个事件发送
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

53
filebast/us-prod-01/filebeat.yml Normal file
View File

@@ -0,0 +1,53 @@
# 配置索引模板名称和模式
setup.template.name: "us-prod-01"
setup.template.pattern: "us-prod-01*"
setup.template.enabled: true
setup.ilm.enabled: true
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- dissect:
when:
equals:
log_type: admin.log
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
field: "message"
target_prefix: "parsed_sys_info"
ignore_missing: true
overwrite_keys: false
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

20
filebast/us-prod-01/flymoon-admin.yml Normal file
View File

@@ -0,0 +1,20 @@
- type: log
id: us_pord_01_flymoon-admin
enabled: true
paths:
- /root/logs/flymoon-admin/sys-info.log
fields:
application: flymoon-admin # 自定义字段,标识应用名称
log_type: admin.log # 自定义字段,标识日志类型
environment: us-pord # 自定义字段,标识机器环境名称
instance: us-prod-01 # 自定义字段,标识机器名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对info的日志格式
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

71
filebast/us-prod-02/filebeat.yml Normal file
View File

@@ -0,0 +1,71 @@
# 配置索引模板名称和模式
setup.template.name: "us-prod-02"
setup.template.pattern: "us-prod-02*"
setup.template.enabled: true
setup.ilm.enabled: true
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- decode_json_fields:
when:
equals:
log_type: go.log
fields: ["message"]
target: ""
overwrite_keys: true
add_error_key: true
- dissect:
when:
equals:
log_type: email.log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
- dissect:
when:
equals:
log_type: agent.log
tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

23
filebast/us-prod-02/flymoon-agent.yml Normal file
View File

@@ -0,0 +1,23 @@
- type: log
id: us_pord_02_flymoon-agent
enabled: true
paths:
- /root/logs/flymoon-agent/sys-info.log
fields:
application: flymoon-agent # 自定义字段,标识应用名称
log_type: agent.log # 自定义字段,标识日志类型
environment: us-pord # 自定义字段,标识机器环境名称
instance: us-prod-02 # 自定义字段,标识机器名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

23
filebast/us-prod-02/flymoon-email.yml Normal file
View File

@@ -0,0 +1,23 @@
- type: log
id: us_pord_02_fly-moon-email
enabled: true
paths:
- /root/logs/flymoon-email/sys-info.log
fields:
application: flymoon-email # 自定义字段,标识应用名称
log_type: email.log # 自定义字段,标识日志类型
environment: us-pord # 自定义字段,标识机器环境名称
instance: us-prod-02 # 自定义字段,标识机器名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

25
filebast/us-prod-02/prod_go_lessie_sourcing_api.yml Normal file
View File

@@ -0,0 +1,25 @@
- type: log
id: prod_go_lessie_sourcing_api
enabled: true
paths:
- /data/webapps/go_lessie_sourcing_api/logs/*.log
follow_symlinks: true
harvester_limit: 1
fields:
application: go-lessie-sourcing_api # 自定义字段,标识应用名称
log_type: go.log # 自定义字段,标识日志类型
environment: prod # 自定义字段,标识机器环境名称
instance: us-prod-02 # 自定义字段,标识机器名称
fields_under_root: true
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

70
filebast/us-prod-03/filebeat.yml Normal file
View File

@@ -0,0 +1,70 @@
# 配置索引模板名称和模式
setup.template.name: "us-prod-03"
setup.template.pattern: "us-prod-03*"
setup.template.enabled: true
setup.ilm.enabled: true
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- decode_json_fields:
when:
equals:
log_type: go.log
fields: ["message"]
target: ""
overwrite_keys: true
add_error_key: true
- dissect:
when:
equals:
log_type: payment.log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
- dissect:
when:
equals:
log_type: agent.log
tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

23
filebast/us-prod-03/flymoon-agent.yml Normal file
View File

@@ -0,0 +1,23 @@
- type: log
id: us_pord_02_flymoon-agent
enabled: true
paths:
- /root/logs/flymoon-agent/sys-info.log
fields:
application: flymoon-agent # 自定义字段,标识应用名称
log_type: agent.log # 自定义字段,标识日志类型
environment: us-pord # 自定义字段,标识机器环境名称
instance: us-prod-03 # 自定义字段,标识机器名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

21
filebast/us-prod-03/flymoon-payment.yml Normal file
View File

@@ -0,0 +1,21 @@
- type: log
id: us_pord_03_flymoon-payment
enabled: true
paths:
- /root/logs/flymoon-payment/sys-info.log
fields:
application: flymoon-payment
log_type: payment.log
environment: us-pord
instance: us-prod-03
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

25
filebast/us-prod-03/prod_go_lessie_sourcing_api.yml Normal file
View File

@@ -0,0 +1,25 @@
- type: log
id: prod_go_lessie_sourcing_api
enabled: true
paths:
- /data/webapps/go_lessie_sourcing_api/logs/*.log
follow_symlinks: true
harvester_limit: 1
fields:
application: go-lessie-sourcing_api # 自定义字段,标识应用名称
log_type: go.log # 自定义字段,标识日志类型
environment: prod # 自定义字段,标识机器环境名称
instance: us-prod-03 # 自定义字段,标识机器名称
fields_under_root: true
# multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
# multiline.negate: true
# multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

37
filebast/weblessie-server/filebeat.yml Normal file
View File

@@ -0,0 +1,37 @@
# 配置索引模板名称和模式
setup.template.name: "prod-sourcing-agents"
setup.template.pattern: "prod-sourcing-agents*"
setup.template.enabled: true
setup.ilm.enabled: true
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

45
filebast/weblessie-server/prod_lessie_sourcing_agents.yml Normal file
View File

@@ -0,0 +1,45 @@
- type: log
id: prod_lessie_sourcing_agents
enabled: true
paths:
- /data/webapps/prod_lessie_sourcing_agents/logs/lessie_sourcing_agents_latest.log
follow_symlinks: true
harvester_limit: 1
fields:
application: lessie # 自定义字段,标识应用名称
log_type: lessie.log # 自定义字段,标识日志类型
environment: prod # 自定义字段,标识机器环境名称
instance: weblessie-server # 自定义字段,标识机器名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取
- type: log
id: prod_lessie_sourcing_agents
enabled: true
paths:
- /data/webapps/prod_lessie_sourcing_agents/logs/lessie_sourcing_agents_latest.log
follow_symlinks: true
fields:
application: lessie # 自定义字段,标识应用名称
log_type: lessie.log # 自定义字段,标识日志类型
environment: prod # 自定义字段,标识机器环境名称
instance: weblessie-server # 自定义字段,标识机器名称
fields_under_root: true
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

83
filebast/主配置文件.yaml Normal file
View File

@@ -0,0 +1,83 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "fly-moon-email_v2_logs"
setup.template.pattern: "fly-moon-email_v2_logs*"
filebeat.inputs:
- type: filestream
id: fly-moon-email_v2_logs
enabled: true
paths:
- /data/webapps/fly_moon_email_v2/nohup.out
# 从文件末尾开始读取
tail_files: true
start_position: end # 从文件末尾开始读取
# 扫描新日志文件的频率
scan_frequency: 10s
# 防止 Filebeat 过早关闭文件句柄
close_inactive: 15m
# 忽略超过指定时间未更新的日志文件
ignore_older: 24h
# 清理超过指定时间未使用的状态
clean_inactive: 48h
parsers:
- multiline:
type: pattern
pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
negate: true
match: after
# 输出到 Elasticsearch
output.elasticsearch:
hosts: ["http://192.168.60.21:9200"]
username: "elastic"
password: "Elastic_123456"
index: "fly-moon-email_v2_logs-%{+yyyy.MM.dd}"
bulk_max_size: 1024 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
# 处理器(数据增强)
processors:
- add_host_metadata: ~ # 添加主机元数据
- add_cloud_metadata: ~ # 添加云环境元数据(如果在云上)
- add_docker_metadata: ~ # 添加 Docker 元数据(如果在 Docker 中)
- add_fields:
target: ""
fields:
environment: "production"
application: "fly-moon-email_v2"
- drop_fields:
fields: ["agent", "ecs"] # 删除不必要的字段,减少存储开销
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 5s

48
filebast/启动文件/elasticsearch.service.conf Normal file
View File

@@ -0,0 +1,48 @@
# /etc/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/data/elasticsearch-8.17.0
ExecStart=/data/elasticsearch-8.17.0/bin/elasticsearch
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
# 重新加载 systemd 配置
systemctl daemon-reload
# 启动 Elasticsearch
systemctl start elasticsearch
# 设置 Elasticsearch 开机自启
systemctl enable elasticsearch
# 启动 Kibana
systemctl start kibana
# 设置 Kibana 开机自启
systemctl enable kibana
# 查看 Elasticsearch 状态
systemctl status elasticsearch
# 查看 Kibana 状态
systemctl status kibana
# 查看详细日志
journalctl -u elasticsearch
# 查看详细日志
journalctl -u kibana

19
filebast/启动文件/kibana.service.conf Normal file
View File

@@ -0,0 +1,19 @@
# /etc/systemd/system/kibana.service
[Unit]
Description=Kibana
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target elasticsearch.service
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/data/kibana-8.17.0
ExecStart=/data/kibana-8.17.0/bin/kibana
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target

29
filebast/安装配置命令 Normal file
View File

@@ -0,0 +1,29 @@
out-crawler-host
yum -y localinstall filebeat-8.17.0-x86_64.rpm
cd /etc/filebeat
mv filebeat.yml filebeat.yml.bak
mkdir inputs.d
vim filebeat.yml
vim inputs.d/yt_search_crawler.yml
filebeat test config
filebeat test output
systemctl stop filebeat.service
systemctl start filebeat.service
systemctl status filebeat.service
journalctl -u filebeat -f

19
filebast/海外148/148_app.lessie.ai_influencer_search.yml Normal file
View File

@@ -0,0 +1,19 @@
- type: log
id: app_lessie_ai_influencer_5002-nohup
enabled: true
paths:
- /data/webapps/influencer_search_agent/log/influencer_5002*.log
fields:
application: influencer_search_app.lessie.ai # 自定义字段,标识应用名称
log_type: influencer_5002.log # 自定义字段,标识日志类型
environment: app_lessie_ai # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

19
filebast/海外148/148_influencer_search.yml Normal file
View File

@@ -0,0 +1,19 @@
- type: log
id: test_influencer_search-nohup
enabled: true
paths:
- /data/webapps/test_influencer_search_agent/log/influencer_search_*.log
fields:
application: influencer_search # 自定义字段,标识应用名称
log_type: influencer_search.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

125
filebast/海外148/filebeat.yml Normal file
View File

@@ -0,0 +1,125 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "out-148-flymoonlog"
setup.template.pattern: "out-148-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
## 针对 influencer_im.log 的 dissect基础字段分解
- dissect:
when:
equals:
log_type: influencer_search.log
tokenizer: '%{timestamp} - %{module} - %{level} - %{raw_tail}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 从 message 中提取 user_email
- dissect:
when:
equals:
log_type: influencer_search.log
tokenizer: '[user_email: %{user_email}] %{tail}'
field: "mylog.raw_tail"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 提取 conversation_id
- dissect:
when:
equals:
log_type: influencer_search.log
tokenizer: '[conversation_id: %{conversation_id}] %{tail}'
field: "mylog.tail"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
## 针对 influencer_5002.log 的 dissect基础字段分解
- dissect:
when:
equals:
log_type: influencer_5002.log
tokenizer: '%{timestamp} - %{module} - %{level} - %{raw_tail}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 从 message 中提取 user_email
- dissect:
when:
equals:
log_type: influencer_5002.log
tokenizer: '[user_email: %{user_email}] %{tail}'
field: "mylog.raw_tail"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 提取 conversation_id
- dissect:
when:
equals:
log_type: influencer_5002.log
tokenizer: '[conversation_id: %{conversation_id}] %{tail}'
field: "mylog.tail"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "out-148-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

19
filebast/海外148/test_check_tiktok_account.yml Normal file
View File

@@ -0,0 +1,19 @@
- type: log
id: test_check_tiktok_account-output
enabled: true
paths:
- /data/webapps/test_check_tiktok_account/output.log
fields:
application: check_tiktok_account # 自定义字段,标识应用名称
log_type: check_tiktok_accountl_output.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

22
filebast/海外148/test_cron_update_yt.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: test_cron_update_yt_log
enabled: true
paths:
- /data/webapps/test_yt_data_update/logs/cron_update_yt.log
fields:
application: cron_yt_data_update # 自定义字段,标识应用名称
log_type: cron_update_yt.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\['
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

22
filebast/海外148/test_ins_search_crawler.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: test_ins_search_crawler-output
enabled: true
paths:
- /data/webapps/test_ins_search_crawler/output.log
fields:
application: ins_search_crawle # 自定义字段,标识应用名称
log_type: ins_search_crawler_output.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

21
filebast/海外148/test_tk_shop_crawler.yml Normal file
View File

@@ -0,0 +1,21 @@
- type: log
id: test_tk_shop_crawler_log
enabled: true
paths:
- /data/webapps/test_tk_shop_crawler/output.log
fields:
application: tk_shop_crawler # 自定义字段,标识应用名称
log_type: tk_shop_crawler.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning

22
filebast/海外148/test_update_yt.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: test_update_yt_log
enabled: true
paths:
- /data/webapps/test_yt_data_update/logs/update_yt.log
fields:
application: yt_data_update # 自定义字段,标识应用名称
log_type: update_yt.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

22
filebast/海外148/test_yt_search_crawler.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: test_yt_search_crawler-output
enabled: true
paths:
- /data/webapps/test_yt_search_crawler/output.log
fields:
application: yt_search_crawler # 自定义字段,标识应用名称
log_type: yt_search_crawler_output.log # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

23
filebast/海外241/241_influencer_search copy.yml Normal file
View File

@@ -0,0 +1,23 @@
- type: log
id: prod_influencer_search-nohup
enabled: true
paths:
- /data/webapps/influencer_search_agent/log/influencer_search_*.log
fields:
application: influencer_search # 自定义字段,标识应用名称
log_type: influencer_search.log # 自定义字段,标识日志类型
environment: pord # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

23
filebast/海外241/241_influencer_search.yml Normal file
View File

@@ -0,0 +1,23 @@
- type: log
id: prod_influencer_search-nohup
enabled: true
paths:
- /data/webapps/influencer_search_agent/log/influencer_search_*.log
fields:
application: influencer_search # 自定义字段,标识应用名称
log_type: influencer_search.log # 自定义字段,标识日志类型
environment: pord # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

84
filebast/海外241/filebeat.yml Normal file
View File

@@ -0,0 +1,84 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "out-241-flymoonlog"
setup.template.pattern: "out-241-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
processors:
- dissect:
when:
equals:
log_type: email-log
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
### s2的lessie ####################################
- dissect:
when:
equals:
log_type: s2_lessie_search.log
tokenizer: '%{timestamp} - %{level} - %{module} - %{function} - %{message}'
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# 针对带有 [level: | event: | msg: | context:] 的日志,再做一次 dissect
- dissect:
when:
regexp:
mylog.message: '^\[level:.*\]'
tokenizer: '[level: %{event_level} | event: %{event} | msg: %{msg} | context: %{context}]'
field: "mylog.message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
### s2的lessie ##################################
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "out-241-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

19
filebast/海外241/fly-moon-email_v2-outpord.yml Normal file
View File

@@ -0,0 +1,19 @@
- type: log
id: input_fly-moon-email_v2-outpord-nohup
enabled: true
paths:
- /root/logs/flymoon-email/sys-info.log
fields:
application: fly-moon-email_v2 # 自定义字段,标识应用名称
log_type: out-pord-email_sys-info # 自定义字段,标识日志类型
environment: pord # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{2}:\d{2}:\d{2}\.\d{3}' # 针对email的sys-info.log的日志格式多行
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

27
filebast/海外241/fly-moon-email_v2-outtest.yml Normal file
View File

@@ -0,0 +1,27 @@
- type: filestream
id: input_fly-moon-email_v2-outtest-nohup
enabled: true
paths:
- /data/webapps/test/fly_moon_email_v2/nohup.out
fields:
application: fly-moon-email_v2 # 自定义字段,标识应用名称
log_type: out-test-email_nohup.out # 自定义字段,标识日志类型
environment: test # 自定义字段,标识机器环境名称
fields_under_root: true
tail_files: true
start_position: end # 从文件末尾开始读取
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
clean_inactive: 48h
parsers:
- multiline:
type: pattern
pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
negate: true
match: after

23
filebast/海外241/s2_lessie_search.yml Normal file
View File

@@ -0,0 +1,23 @@
- type: log
id: s2_lessie_search
enabled: true
paths:
- /data/webapps/lessie_sourcing_agents/logs/lessie_sourcing_agents_20250922_204120.log
fields:
application: lessie_search # 自定义字段,标识应用名称
log_type: s2_lessie_search.log # 自定义字段,标识日志类型
environment: s2 # 自定义字段,标识机器环境名称
instance: weblessie-server1 # 自定义字段,标识机器名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

62
filebast/海外64/filebeat.yml Normal file
View File

@@ -0,0 +1,62 @@
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "out-64-flymoonlog"
setup.template.pattern: "out-64-flymoonlog*"
#主配置文件加载子配置文件
filebeat.config.inputs:
enabled: true
path: /etc/filebeat/inputs.d/*.yml
reload.enabled: true
reload.period: 10s
# 处理器
# processors:
# - dissect:
# when:
# equals:
# log_type: out-pord-email_sys-info
# tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
# field: "message"
# target_prefix: "parsed_sys_info"
# ignore_missing: true
# overwrite_keys: false
#输出
output.elasticsearch:
hosts: ["http://106.53.194.199:9200"]
username: "admin"
password: "123456"
index: "out-64-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
bulk_max_size: 50 # 单批次传输最大文档数
worker: 1 # 并行工作线程数
timeout: 15s
# 日志记录
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
permissions: 0644
# 设置队列和内存使用
queue.mem:
events: 1024
flush.min_events: 512
flush.timeout: 10s

22
filebast/海外64/update_yt_day.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: update_yt_day_log
enabled: true
paths:
- /data/webapps/yt_data_update/logs/yt_up_date_day_outup/*.log
fields:
application: yt_data_update_day # 自定义字段,标识应用名称
log_type: update_yt_day.log # 自定义字段,标识日志类型
environment: out64 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

22
filebast/海外64/update_yt_week.yml Normal file
View File

@@ -0,0 +1,22 @@
- type: log
id: update_yt_week_log
enabled: true
paths:
- /data/webapps/yt_data_update/logs/yt_up_date_week_outup/*.log
fields:
application: yt_data_update_week # 自定义字段,标识应用名称
log_type: update_yt_week.log # 自定义字段,标识日志类型
environment: out64 # 自定义字段,标识机器环境名称
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}'
multiline.negate: true
multiline.match: after
ignore_older: 24h # 忽略旧日志文件(避免处理已归档的日志)
scan_frequency: 10s # 定期扫描新文件的频率
clean_inactive: 25h # 清除超过一天未更新的文件
close_inactive: 5m # 文件超过5分钟无更新则关闭
close_renamed: true # 处理被重命名的文件
start_position: beginning # 从文件的开头读取

4
filebast/相关命令 Normal file
View File

@@ -0,0 +1,4 @@
1、查看启动输出journalctl -u filebeat -f
2、测试
filebeat test config、filebeat test output