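# Filebeat main configuration: loads input definitions from
# /etc/filebeat/inputs.d, parses "sys-info" events with dissect, and ships
# everything to a single Elasticsearch node.

# ---------------------------------------------------------------------------
# Index template / ILM
# ---------------------------------------------------------------------------
# NOTE(review): in Filebeat releases where index lifecycle management is
# active, setup.template.name, setup.template.pattern and
# output.elasticsearch.index are ignored while setup.ilm.enabled is true.
# If the monthly "test-flymoonlog-*" indices below are the intended target,
# confirm against the deployed version whether ILM must be disabled or the
# names moved to the setup.ilm.* options.
setup.template.enabled: true
setup.ilm.enabled: true
setup.template.name: "test-flymoonlog"
setup.template.pattern: "test-flymoonlog*"

# ---------------------------------------------------------------------------
# Inputs: the main config loads sub-config files
# ---------------------------------------------------------------------------
# Files matching the glob are re-read every 10s, so whoever can write to this
# directory decides which files Filebeat reads and ships. Keep the directory
# and its files owned by, and writable only by, the account Filebeat runs as.
filebeat.config.inputs:
  enabled: true
  path: /etc/filebeat/inputs.d/*.yml
  reload.enabled: true
  reload.period: 10s

# ---------------------------------------------------------------------------
# Processors
# ---------------------------------------------------------------------------
processors:
  # Split "sys-info" lines into parsed_sys_info.{timestamp,thread,log_level,
  # log_message}. overwrite_keys: false keeps any field that already exists.
  - dissect:
      when:
        equals:
          log_type: sys-info
      tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
      field: "message"
      target_prefix: "parsed_sys_info"
      ignore_missing: true
      overwrite_keys: false

  # Disabled processors, kept for reference.
  # - include_fields:
  #     fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index" ]
  # - dissect:
  #     when:
  #       equals:
  #         log_type: sys-error
  #     tokenizer: '%{timestamp} [%{thread}] %{log_level} %{logger} - [%{method},%{line}] - %{message}'
  #     field: "message"
  #     target_prefix: "parsed_sys_error"
  # # - include_fields:
  # #     fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.logger" ]
  # - dissect:
  #     when:
  #       equals:
  #         log_type: sys-user
  #     tokenizer: '%{timestamp} [%{thread}] %{log_level} %{module} - [%{method},%{line}] - %{message}'
  #     field: "message"
  #     target_prefix: "parsed_sys_user"
  # - include_fields:
  #     fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]
  # - dissect:
  #     when:
  #       equals:
  #         log_type: email_nohup.out
  #     tokenizer: '%{timestamp} %{log.level} %{pid} --- [%{thread}] %{class} : %{message}'
  #     patterns:
  #       timestamp: "%{YEAR}-%{MONTH}-%{DAY} %{HOUR}:%{MINUTE}:%{SECOND}%.%{MILLISECOND}"
  #       log.level: "(INFO|DEBUG|WARN|ERROR|TRACE)"
  #       pid: "%{NUMBER}"
  #       thread: "%{DATA}"
  #       class: "%{DATA}"
  #       message: "%{GREEDYDATA}"
  #     field: "message"
  #     target_prefix: "parsed_sys_nohup"
  # - include_fields:
  #     fields: ["@timestamp", "log_type", "message", "application", "host.ip", "host.name", "log.file.path", "parsed_sys_info.timestamp", "parsed_sys_info.log_level", "parsed_sys_info.message", "parsed_sys_info.method", "parsed_sys_info.thread", "_id", "_index", "parsed_sys_info.module" ]

# ---------------------------------------------------------------------------
# Output
# ---------------------------------------------------------------------------
output.elasticsearch:
  # NOTE(review): plain http:// sends the credentials below and every log
  # event unencrypted. If the cluster exposes TLS, switch to https:// and
  # configure the ssl.* options for this output.
  hosts: ["http://192.168.70.16:9200"]
  # NOTE(review): "admin" is presumably a full-privilege account; a dedicated
  # user limited to writing the test-flymoonlog-* indices is enough for a
  # shipper. Confirm and replace.
  username: "admin"
  # The password is resolved at startup from the Filebeat keystore
  # (`filebeat keystore add ES_PWD`) or, failing that, from the environment
  # variable of the same name; Filebeat refuses to start if neither is set.
  # The literal value that used to be stored on this line has been exposed
  # wherever this file was copied and should be rotated.
  password: "${ES_PWD}"
  # One index per environment/application, split by month. The [environment]
  # and [application] fields must be present on every event.
  index: "test-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}"
  bulk_max_size: 50  # maximum number of documents per bulk request
  worker: 1          # number of parallel workers
  timeout: 15s

# ---------------------------------------------------------------------------
# Logging
# ---------------------------------------------------------------------------
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat.log
  keepfiles: 7
  # NOTE(review): 0644 makes Filebeat's own log readable by every local
  # user; the documented default is 0600. Keep 0644 only if another account
  # has to read this file.
  permissions: 0644

# ---------------------------------------------------------------------------
# Queue and memory usage
# ---------------------------------------------------------------------------
queue.mem:
  events: 1024
  flush.min_events: 512
  flush.timeout: 60s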