84 lines
1.9 KiB
YAML
84 lines
1.9 KiB
YAML
setup.template.enabled: true
|
|
setup.ilm.enabled: true
|
|
setup.template.name: "fly-moon-email_v2_logs"
|
|
setup.template.pattern: "fly-moon-email_v2_logs*"
|
|
|
|
|
|
|
|
filebeat.inputs:
|
|
- type: filestream
|
|
id: fly-moon-email_v2_logs
|
|
enabled: true
|
|
paths:
|
|
- /data/webapps/fly_moon_email_v2/nohup.out
|
|
# 从文件末尾开始读取
|
|
tail_files: true
|
|
start_position: end # 从文件末尾开始读取
|
|
# 扫描新日志文件的频率
|
|
scan_frequency: 10s
|
|
# 防止 Filebeat 过早关闭文件句柄
|
|
close_inactive: 15m
|
|
# 忽略超过指定时间未更新的日志文件
|
|
ignore_older: 24h
|
|
# 清理超过指定时间未使用的状态
|
|
clean_inactive: 48h
|
|
parsers:
|
|
- multiline:
|
|
type: pattern
|
|
pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
|
|
negate: true
|
|
match: after
|
|
|
|
|
|
|
|
# 输出到 Elasticsearch
|
|
output.elasticsearch:
|
|
hosts: ["http://192.168.60.21:9200"]
|
|
username: "elastic"
|
|
password: "Elastic_123456"
|
|
index: "fly-moon-email_v2_logs-%{+yyyy.MM.dd}"
|
|
bulk_max_size: 1024 # 单批次传输最大文档数
|
|
worker: 1 # 并行工作线程数
|
|
|
|
|
|
|
|
# 处理器(数据增强)
|
|
processors:
|
|
- add_host_metadata: ~ # 添加主机元数据
|
|
- add_cloud_metadata: ~ # 添加云环境元数据(如果在云上)
|
|
- add_docker_metadata: ~ # 添加 Docker 元数据(如果在 Docker 中)
|
|
- add_fields:
|
|
target: ""
|
|
fields:
|
|
environment: "production"
|
|
application: "fly-moon-email_v2"
|
|
- drop_fields:
|
|
fields: ["agent", "ecs"] # 删除不必要的字段,减少存储开销
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 日志记录
|
|
logging.level: info
|
|
logging.to_files: true
|
|
logging.files:
|
|
path: /var/log/filebeat
|
|
name: filebeat.log
|
|
keepfiles: 7
|
|
permissions: 0644
|
|
|
|
|
|
|
|
# 设置队列和内存使用
|
|
queue.mem:
|
|
events: 1024
|
|
flush.min_events: 512
|
|
flush.timeout: 5s
|
|
|
|
|
|
|