106 lines
4.1 KiB
YAML
106 lines
4.1 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: filebeat-config
|
|
namespace: kube-system
|
|
data:
|
|
filebeat.yml: |
|
|
setup.ilm.enabled: false
|
|
setup.template.enabled: false
|
|
|
|
filebeat.autodiscover:
|
|
providers:
|
|
- type: kubernetes
|
|
templates:
|
|
# ---------- ↓ go语言的中转服务的Pod, go项目json格式日志 ↓ ----------
|
|
- condition:
|
|
and:
|
|
- equals:
|
|
kubernetes.namespace: sit
|
|
- equals:
|
|
kubernetes.labels.app: "lessie-go-api"
|
|
config:
|
|
- type: filestream
|
|
id: "container-${data.kubernetes.container.id}"
|
|
prospector.scanner.symlinks: true
|
|
close.on_state_change.removed: false
|
|
parsers:
|
|
- container: ~
|
|
paths:
|
|
- /var/log/containers/*-${data.kubernetes.container.id}.log
|
|
|
|
processors:
|
|
- add_kubernetes_metadata:
|
|
host: ${NODE_NAME}
|
|
- decode_json_fields:
|
|
fields: ["message"]
|
|
target: "mylog"
|
|
overwrite_keys: true
|
|
add_error_key: true
|
|
- drop_fields:
|
|
fields:
|
|
- "kubernetes.node.labels"
|
|
- "kubernetes.namespace_labels.kubernetes_io/metadata_name"
|
|
ignore_missing: true
|
|
|
|
# ---------- ↑ go语言的中转服务的Pod, go项目json格式日志 ↑ ----------
|
|
|
|
# ---------- ↓ java语言的中转服务的Pod, agnet\admin\payment 项目自由文本格式日志 ↓ ----------
|
|
- condition:
|
|
and:
|
|
- equals:
|
|
kubernetes.namespace: sit
|
|
- or:
|
|
- equals:
|
|
kubernetes.labels.app: "flymoon-admin"
|
|
- equals:
|
|
kubernetes.labels.app: "flymoon-agent"
|
|
- equals:
|
|
kubernetes.labels.app: "flymoon-payment"
|
|
config:
|
|
- type: filestream
|
|
id: "container-${data.kubernetes.container.id}"
|
|
prospector.scanner.symlinks: true
|
|
close.on_state_change.removed: false
|
|
parsers:
|
|
- container: ~
|
|
- multiline:
|
|
type: pattern
|
|
pattern: '^\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d{3}'
|
|
negate: true
|
|
match: after
|
|
paths:
|
|
- /var/log/containers/*-${data.kubernetes.container.id}.log
|
|
|
|
processors:
|
|
- add_kubernetes_metadata:
|
|
host: ${NODE_NAME}
|
|
- dissect:
|
|
tokenizer: '%{timestamp} %{level} %{pid} --- [%{thread}] %{class} : [%{app_name->}] %{message}'
|
|
field: "message"
|
|
target_prefix: "mylog"
|
|
ignore_missing: true
|
|
overwrite_keys: true
|
|
- drop_fields:
|
|
fields: ["kubernetes.node.labels", "kubernetes.annotations"]
|
|
ignore_missing: true
|
|
|
|
# ---------- ↑ java语言的中转服务的Pod, agnet\admin\payment 项目自由文本格式日志 ↑ ----------
|
|
|
|
# ---------- ↓ python语言的中转服务的Pod, lessie agent 项目自由文本格式日志 ↓ ----------
|
|
|
|
|
|
|
|
# ---------- ↑ python语言的中转服务的Pod, lessie agent 项目自由文本格式日志 ↑ ----------
|
|
|
|
|
|
# ---- 输出到 Elasticsearch ----
|
|
output.elasticsearch:
|
|
hosts: ["http://10.0.0.38:9200"]
|
|
username: "admin"
|
|
password: "G7ZSKFM4AQwHQpwA"
|
|
index: "k8s-%{[kubernetes.labels.environment]}-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"
|
|
# index: "k8s-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"
|
|
|
|
logging.level: debug
|
|
logging.selectors: ["*"] |