filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /root/logs/sys-info*.log
      - /root/logs/sys-error*.log
      - /root/logs/sys-user*.log
    fields:
      application: my_app  # 自定义字段，标识应用名称
    fields_under_root: true
    multiline.pattern: '^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}' # 根据你的日志格式调整
    multiline.negate: true
    multiline.match: after
    ignore_older: 24h
    scan_frequency: 10s
    clean_inactive: 25h
    close_inactive: 5m
    close_renamed: true
    start_position: beginning

processors:
  - drop_fields:
      fields: ["agent", "ecs", "host.architecture", "host.os.*", "input.type", "log.offset", "tags"]
  - include_fields:
      fields: ["@timestamp", "message", "application", "host.ip", "host.name", "log.file.path"]

output.elasticsearch:
  hosts: ["http://<elasticsearch_host>:9200"]
  index: "my_app-${+yyyy.MM.dd}"  # 按天分割的索引