# Log input: tails the application's info, error and user log files.
filebeat.inputs:
  - type: log
    enabled: true

    # NOTE(review): these files sit under /root, so the Filebeat process needs
    # read access to that directory. Consider writing the logs to a dedicated
    # directory readable by an unprivileged Filebeat account instead.
    paths:
      - /root/logs/sys-info*.log
      - /root/logs/sys-error*.log
      - /root/logs/sys-user*.log

    fields:
      # Custom field identifying the application name.
      application: my_app
    # Place the custom fields at the top level of the event instead of
    # nesting them under "fields".
    fields_under_root: true

    # Multiline handling: a line that does not start with a yyyy-MM-dd date is
    # appended to the preceding line that does. Adjust the pattern to your
    # log format.
    multiline.pattern: '^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}'
    multiline.negate: true
    multiline.match: after

    # File lifecycle. clean_inactive has to stay larger than
    # ignore_older + scan_frequency, which 25h satisfies here.
    ignore_older: 24h
    scan_frequency: 10s
    clean_inactive: 25h
    close_inactive: 5m
    close_renamed: true

    # NOTE(review): start_position is a Logstash file-input setting and is not
    # a documented option of the Filebeat log input (its counterpart there is
    # tail_files); presumably it has no effect here. Confirm against the
    # deployed Filebeat version.
    start_position: beginning
# Event trimming, applied in order before the event is published.
processors:
  # Remove agent/host metadata that is not needed downstream.
  # NOTE(review): "host.os.*" looks like a wildcard; drop_fields may treat it
  # as a literal field name, and ignore_missing is not set. Verify on the
  # deployed version that this processor does not log errors per event.
  - drop_fields:
      fields:
        - 'agent'
        - 'ecs'
        - 'host.architecture'
        - 'host.os.*'
        - 'input.type'
        - 'log.offset'
        - 'tags'
  # Keep only the listed fields. Everything not named here is removed, so this
  # list is what actually reaches Elasticsearch.
  # NOTE(review): host.ip is presumably filled in by add_host_metadata, which
  # is not configured in this file; confirm the field is present.
  - include_fields:
      fields:
        - '@timestamp'
        - 'message'
        - 'application'
        - 'host.ip'
        - 'host.name'
        - 'log.file.path'
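# Ship events straight to Elasticsearch.
output.elasticsearch:
  # NOTE(review): this is plain HTTP with no credentials, so log content
  # (including the user logs) crosses the network unencrypted and the cluster
  # must accept unauthenticated writes. For anything beyond a lab, use an
  # https:// URL, set ssl.certificate_authorities, and authenticate with
  # api_key or username/password, with the secret kept in the Filebeat
  # keystore and referenced as ${NAME} rather than written in this file.
  hosts: ["http://<elasticsearch_host>:9200"]

  # One index per day. Date formatting uses the %{+...} format string;
  # ${...} is config variable expansion (environment/keystore) and would not
  # produce a date.
  # A custom index name also needs setup.template.name and
  # setup.template.pattern (for example "my_app" and "my_app-*"), and on
  # versions where ILM is enabled by default the index setting is ignored
  # unless ILM is disabled. Confirm against the deployed version.
  index: "my_app-%{+yyyy.MM.dd}"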