110 lines
2.5 KiB
YAML
110 lines
2.5 KiB
YAML
setup.template.enabled: true
|
|
setup.ilm.enabled: true
|
|
setup.template.name: "pord01-flymoonlog"
|
|
setup.template.pattern: "pord01-flymoonlog*"
|
|
|
|
|
|
|
|
#主配置文件加载子配置文件
|
|
filebeat.config.inputs:
|
|
enabled: true
|
|
path: /etc/filebeat/inputs.d/*.yml
|
|
reload.enabled: true
|
|
reload.period: 10s
|
|
|
|
|
|
|
|
# 处理器
|
|
processors:
|
|
- dissect:
|
|
when:
|
|
equals:
|
|
log_type: sys-info
|
|
tokenizer: '%{timestamp} [%{thread}] %{log_level} %{log_message}'
|
|
field: "message"
|
|
target_prefix: "parsed_sys_info"
|
|
ignore_missing: true
|
|
overwrite_keys: false
|
|
|
|
- dissect:
|
|
when:
|
|
equals:
|
|
log_type: email-log
|
|
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
|
|
field: "message"
|
|
target_prefix: "mylog"
|
|
ignore_missing: true
|
|
overwrite_keys: true
|
|
|
|
- dissect:
|
|
when:
|
|
equals:
|
|
log_type: admin-log
|
|
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method_line}] - %{message}'
|
|
field: "message"
|
|
target_prefix: "mylog"
|
|
ignore_missing: true
|
|
overwrite_keys: true
|
|
|
|
- dissect:
|
|
when:
|
|
equals:
|
|
log_type: agent-log
|
|
tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
|
|
field: "message"
|
|
target_prefix: "mylog"
|
|
ignore_missing: true
|
|
overwrite_keys: true
|
|
|
|
- dissect:
|
|
when:
|
|
equals:
|
|
log_type: payment-log
|
|
tokenizer: '%{timestamp} %{level} - [%{method},%{line}] - %{message}'
|
|
field: "message"
|
|
target_prefix: "mylog"
|
|
ignore_missing: true
|
|
overwrite_keys: true
|
|
|
|
|
|
- dissect:
|
|
when:
|
|
equals:
|
|
log_type: payment-log
|
|
tokenizer: '%{timestamp} [%{thread}] %{level} %{class} - [%{method},%{line}] - %{message}'
|
|
field: "message"
|
|
target_prefix: "mylog"
|
|
ignore_missing: true
|
|
overwrite_keys: true
|
|
|
|
|
|
|
|
|
|
#输出
|
|
output.elasticsearch:
|
|
hosts: ["http://192.168.70.16:9200"]
|
|
username: "admin"
|
|
password: "123456"
|
|
index: "pord01-flymoonlog-%{[environment]}-%{[application]}-%{+yyyy.MM}" # 按月分割索引
|
|
bulk_max_size: 50 # 单批次传输最大文档数
|
|
worker: 1 # 并行工作线程数
|
|
timeout: 15s
|
|
|
|
|
|
|
|
# 日志记录
|
|
logging.level: info
|
|
logging.to_files: true
|
|
logging.files:
|
|
path: /var/log/filebeat
|
|
name: filebeat.log
|
|
keepfiles: 7
|
|
permissions: 0644
|
|
|
|
|
|
|
|
# 设置队列和内存使用
|
|
queue.mem:
|
|
events: 1024
|
|
flush.min_events: 512
|
|
flush.timeout: 10s |