jenkins-pipeline/k8s_yaml/ELK/filebast/02-filebeat-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: kube-system
data:
  filebeat.yml: |
    setup.ilm.enabled: false
    setup.template.enabled: false

    filebeat.autodiscover:
      providers:
        - type: kubernetes
          templates:
            # ---------- ↓ go语言的中转服务的Pod, go项目json格式日志 ↓ ----------
            - condition:
                and:
                  - equals:
                      kubernetes.namespace: sit
                  - equals:
                      kubernetes.labels.app: "lessie-go-api"
              config:
                - type: filestream
                  id: "container-${data.kubernetes.container.id}"
                  prospector.scanner.symlinks: true
                  close.on_state_change.removed: false
                  parsers:
                    - container: ~
                  paths:
                    - /var/log/containers/*-${data.kubernetes.container.id}.log

                  processors:
                    - add_kubernetes_metadata:
                        host: ${NODE_NAME}
                    - decode_json_fields:
                        fields: ["message"]
                        target: "mylog"
                        overwrite_keys: true
                        add_error_key: true
                    - drop_fields:
                        fields: 
                          - "kubernetes.node.labels"
                          - "kubernetes.namespace_labels.kubernetes_io/metadata_name"
                        ignore_missing: true

            # ---------- ↑ go语言的中转服务的Pod, go项目json格式日志 ↑ ----------
            
            # ---------- ↓ java语言的中转服务的Pod, agnet\admin\payment 项目自由文本格式日志 ↓ ----------
            - condition:
                and:
                  - equals:
                      kubernetes.namespace: sit
                  - or:
                    - equals:
                        kubernetes.labels.app: "flymoon-admin"
                    - equals:
                        kubernetes.labels.app: "flymoon-agent"
                    - equals:
                        kubernetes.labels.app: "flymoon-payment"
              config:
                - type: filestream
                  id: "container-${data.kubernetes.container.id}"
                  prospector.scanner.symlinks: true
                  close.on_state_change.removed: false
                  parsers:
                    - container: ~
                    - multiline:
                        type: pattern
                        pattern: '^\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d{3}'
                        negate: true
                        match: after
                  paths:
                    - /var/log/containers/*-${data.kubernetes.container.id}.log

                  processors:
                    - add_kubernetes_metadata:
                        host: ${NODE_NAME}
                    - dissect:
                        tokenizer: '%{timestamp}  %{level}  %{pid}  ---  [%{thread}]  %{class}  :  [%{app_name->}]  %{message}'
                        field: "message"
                        target_prefix: "mylog"
                        ignore_missing: true
                        overwrite_keys: true
                    - drop_fields:
                        fields: ["kubernetes.node.labels", "kubernetes.annotations"]
                        ignore_missing: true

            # ---------- ↑ java语言的中转服务的Pod, agnet\admin\payment 项目自由文本格式日志 ↑ ----------

            # ---------- ↓ python语言的中转服务的Pod, lessie agent 项目自由文本格式日志 ↓ ----------


            # ---------- ↑ python语言的中转服务的Pod, lessie agent 项目自由文本格式日志 ↑ ----------


    # ---- 输出到 Elasticsearch ----
    output.elasticsearch:
      hosts: ["http://10.0.0.38:9200"]
      username: "admin"
      password: "G7ZSKFM4AQwHQpwA"
      index: "k8s-%{[kubernetes.labels.environment]}-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"
      # index: "k8s-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"

    logging.level: debug
    logging.selectors:  ["*"]
增加配置文件 2025-12-13 18:09:05 +08:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: filebeat-config`
			`namespace: kube-system`
			`data:`
			`filebeat.yml: \|`
			`setup.ilm.enabled: false`
			`setup.template.enabled: false`

			`filebeat.autodiscover:`
			`providers:`
			`- type: kubernetes`
			`templates:`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`# ---------- ↓ go语言的中转服务的Pod, go项目json格式日志 ↓ ----------`
更新filebast的配置文件 2025-12-14 21:41:27 +08:00			`- condition:`
			`and:`
			`- equals:`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`kubernetes.namespace: sit`
更新filebast的配置文件 2025-12-14 21:41:27 +08:00			`- equals:`
			`kubernetes.labels.app: "lessie-go-api"`
			`config:`
			`- type: filestream`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`id: "container-${data.kubernetes.container.id}"`
更新filebast的配置文件 2025-12-14 21:41:27 +08:00			`prospector.scanner.symlinks: true`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`close.on_state_change.removed: false`
更新filebast的配置文件 2025-12-14 21:41:27 +08:00			`parsers:`
			`- container: ~`
			`paths:`
			`- /var/log/containers/*-${data.kubernetes.container.id}.log`

			`processors:`
			`- add_kubernetes_metadata:`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`host: ${NODE_NAME}`
更新filebast的配置文件 2025-12-14 21:41:27 +08:00			`- decode_json_fields:`
			`fields: ["message"]`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`target: "mylog"`
更新filebast的配置文件 2025-12-14 21:41:27 +08:00			`overwrite_keys: true`
			`add_error_key: true`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`- drop_fields:`
			`fields:`
			`- "kubernetes.node.labels"`
			`- "kubernetes.namespace_labels.kubernetes_io/metadata_name"`
			`ignore_missing: true`

			`# ---------- ↑ go语言的中转服务的Pod, go项目json格式日志 ↑ ----------`

			`# ---------- ↓ java语言的中转服务的Pod, agnet\admin\payment 项目自由文本格式日志 ↓ ----------`
			`- condition:`
			`and:`
			`- equals:`
			`kubernetes.namespace: sit`
			`- or:`
			`- equals:`
			`kubernetes.labels.app: "flymoon-admin"`
			`- equals:`
			`kubernetes.labels.app: "flymoon-agent"`
			`- equals:`
			`kubernetes.labels.app: "flymoon-payment"`
			`config:`
			`- type: filestream`
			`id: "container-${data.kubernetes.container.id}"`
			`prospector.scanner.symlinks: true`
			`close.on_state_change.removed: false`
			`parsers:`
			`- container: ~`
			`- multiline:`
			`type: pattern`
			`pattern: '^\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d{3}'`
			`negate: true`
			`match: after`
			`paths:`
			`- /var/log/containers/*-${data.kubernetes.container.id}.log`
增加测试配置文件 2025-12-14 23:43:32 +08:00
更改采集日志模板 2025-12-24 14:41:42 +08:00			`processors:`
			`- add_kubernetes_metadata:`
			`host: ${NODE_NAME}`
			`- dissect:`
			`tokenizer: '%{timestamp} %{level} %{pid} --- [%{thread}] %{class} : [%{app_name->}] %{message}'`
			`field: "message"`
			`target_prefix: "mylog"`
			`ignore_missing: true`
			`overwrite_keys: true`
			`- drop_fields:`
			`fields: ["kubernetes.node.labels", "kubernetes.annotations"]`
			`ignore_missing: true`
增加测试配置文件 2025-12-14 23:43:32 +08:00
更改采集日志模板 2025-12-24 14:41:42 +08:00			`# ---------- ↑ java语言的中转服务的Pod, agnet\admin\payment 项目自由文本格式日志 ↑ ----------`
增加测试配置文件 2025-12-14 23:43:32 +08:00
更改采集日志模板 2025-12-24 14:41:42 +08:00			`# ---------- ↓ python语言的中转服务的Pod, lessie agent 项目自由文本格式日志 ↓ ----------`
增加配置文件 2025-12-13 18:09:05 +08:00


更改采集日志模板 2025-12-24 14:41:42 +08:00			`# ---------- ↑ python语言的中转服务的Pod, lessie agent 项目自由文本格式日志 ↑ ----------`
增加配置文件 2025-12-13 18:09:05 +08:00

			`# ---- 输出到 Elasticsearch ----`
			`output.elasticsearch:`
			`hosts: ["http://10.0.0.38:9200"]`
			`username: "admin"`
			`password: "G7ZSKFM4AQwHQpwA"`
			`index: "k8s-%{[kubernetes.labels.environment]}-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`# index: "k8s-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"`
增加配置文件 2025-12-13 18:09:05 +08:00
			`logging.level: debug`
更改采集日志模板 2025-12-24 14:41:42 +08:00			`logging.selectors: ["*"]`