94 lines
3.4 KiB
YAML
94 lines
3.4 KiB
YAML
|
apiVersion: v1
|
|||
|
|
kind: ConfigMap
|
|||
|
|
metadata:
|
|||
|
|
name: filebeat-config
|
|||
|
|
namespace: kube-system
|
|||
|
|
data:
|
|||
|
|
filebeat.yml: |
|
|||
|
|
setup.ilm.enabled: false
|
|||
|
|
setup.template.enabled: false
|
|||
|
|
|
|||
|
|
filebeat.autodiscover:
|
|||
|
|
providers:
|
|||
|
|
- type: kubernetes
|
|||
|
|
node: ${NODE_NAME}
|
|||
|
|
hints.enabled: false
|
|||
|
|
|
|||
|
|
templates:
|
|||
|
|
# ---------- Template 1: java语言的admin、agent、payment Pod, java21项目多行堆栈文本日志 ----------
|
|||
|
|
- condition:
|
|||
|
|
equals:
|
|||
|
|
kubernetes.namespace: "sit" # 假设你的业务 pod 在 sit 命名空间
|
|||
|
|
# or:
|
|||
|
|
# - equals:
|
|||
|
|
# kubernetes.labels.app: "flymoon-admin"
|
|||
|
|
# - equals:
|
|||
|
|
# kubernetes.labels.app: "flymoon-agent"
|
|||
|
|
# - equals:
|
|||
|
|
# kubernetes.labels.app: "flymoon-payment"
|
|||
|
|
config:
|
|||
|
|
- type: filestream
|
|||
|
|
id: "k8s-log-${data.kubernetes.container.id}"
|
|||
|
|
prospector.scanner.symlinks: true
|
|||
|
|
parsers:
|
|||
|
|
- container: ~
|
|||
|
|
paths:
|
|||
|
|
- /var/log/containers/*-${data.kubernetes.container.id}.log
|
|||
|
|
# multiline:
|
|||
|
|
# pattern: '^\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d{3}'
|
|||
|
|
# negate: true
|
|||
|
|
# match: after
|
|||
|
|
# ignore_older: 24h
|
|||
|
|
# scan_frequency: 10s
|
|||
|
|
# clean_inactive: 25h
|
|||
|
|
# close_inactive: 5m
|
|||
|
|
# close_renamed: true
|
|||
|
|
# start_position: beginning
|
|||
|
|
fields:
|
|||
|
|
application: ${data.kubernetes.labels.app}
|
|||
|
|
log_type: ${data.kubernetes.labels.log_type}
|
|||
|
|
environment: ${data.kubernetes.labels.environment}
|
|||
|
|
instance: ${data.kubernetes.host}
|
|||
|
|
|
|||
|
|
processors:
|
|||
|
|
- add_kubernetes_metadata:
|
|||
|
|
host: ${NODE_NAME}
|
|||
|
|
- add_fields:
|
|||
|
|
fields:
|
|||
|
|
log_source: k8s
|
|||
|
|
target: 'mylog'
|
|||
|
|
- dissect:
|
|||
|
|
tokenizer: "%{timestamp} [%{thread}] %{level} %{class} - [%{method},%{line}] - %{message}"
|
|||
|
|
field: "message"
|
|||
|
|
target_prefix: "mylog"
|
|||
|
|
ignore_missing: true
|
|||
|
|
overwrite_keys: true
|
|||
|
|
|
|||
|
|
# ---------- java语言的email服务的Pod, java1.8项目自由文本格式日志, java21项目格式不太一样, 但也有堆栈信息----------
|
|||
|
|
|
|||
|
|
|
|||
|
|
# ---------- go语言的中转服务的Pod, go项目json格式日志 ----------
|
|||
|
|
|
|||
|
|
|
|||
|
|
# ---------- python语言的lessie-agent的Pod, python项目只有文本格式日志, 需排除掉一些不采集的日志 ----------
|
|||
|
|
|
|||
|
|
|
|||
|
|
# ---------- python语言的apex的Pod, python项目json格式日志 ----------
|
|||
|
|
|
|||
|
|
|
|||
|
|
# ---------- 前端存储静态资源的nginx pod, nginx 格式日志 ----------
|
|||
|
|
|
|||
|
|
|
|||
|
|
# ---- 输出到 Elasticsearch ----
|
|||
|
|
output.elasticsearch:
|
|||
|
|
hosts: ["http://10.0.0.38:9200"]
|
|||
|
|
username: "admin"
|
|||
|
|
password: "G7ZSKFM4AQwHQpwA"
|
|||
|
|
|
|||
|
|
# 动态索引命名:k8s-环境-应用-日期
|
|||
|
|
index: "k8s-%{[kubernetes.labels.environment]}-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"
|
|||
|
|
|
|||
|
|
|
|||
|
|
logging.level: debug
|
|||
|
|
logging.selectors: ["*"]
|