dxin/jenkins-pipeline
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ead24989ed890b0b6372ef518eb919ee4022c323
jenkins-pipeline/k8s_yaml/ELK/filebast/02-filebeat-configmap.yaml
dxin ead24989ed 增加配置文件
2025-12-13 18:09:05 +08:00

94 lines
3.4 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: kube-system
data:
filebeat.yml: |
setup.ilm.enabled: false
setup.template.enabled: false
filebeat.autodiscover:
providers:
- type: kubernetes
node: ${NODE_NAME}
hints.enabled: false
templates:
# ---------- Template 1: java语言的admin、agent、payment Pod, java21项目多行堆栈文本日志 ----------
- condition:
equals:
kubernetes.namespace: "sit" # 假设你的业务 pod 在 sit 命名空间
# or:
# - equals:
# kubernetes.labels.app: "flymoon-admin"
# - equals:
# kubernetes.labels.app: "flymoon-agent"
# - equals:
# kubernetes.labels.app: "flymoon-payment"
config:
- type: filestream
id: "k8s-log-${data.kubernetes.container.id}"
prospector.scanner.symlinks: true
parsers:
- container: ~
paths:
- /var/log/containers/*-${data.kubernetes.container.id}.log
# multiline:
# pattern: '^\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d{3}'
# negate: true
# match: after
# ignore_older: 24h
# scan_frequency: 10s
# clean_inactive: 25h
# close_inactive: 5m
# close_renamed: true
# start_position: beginning
fields:
application: ${data.kubernetes.labels.app}
log_type: ${data.kubernetes.labels.log_type}
environment: ${data.kubernetes.labels.environment}
instance: ${data.kubernetes.host}
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
- add_fields:
fields:
log_source: k8s
target: 'mylog'
- dissect:
tokenizer: "%{timestamp} [%{thread}] %{level} %{class} - [%{method},%{line}] - %{message}"
field: "message"
target_prefix: "mylog"
ignore_missing: true
overwrite_keys: true
# ---------- java语言的email服务的Pod, java1.8项目自由文本格式日志, java21项目格式不太一样, 但也有堆栈信息----------
# ---------- go语言的中转服务的Pod, go项目json格式日志 ----------
# ---------- python语言的lessie-agent的Pod, python项目只有文本格式日志, 需排除掉一些不采集的日志 ----------
# ---------- python语言的apex的Pod, python项目json格式日志 ----------
# ---------- 前端存储静态资源的nginx pod, nginx 格式日志 ----------
# ---- 输出到 Elasticsearch ----
output.elasticsearch:
hosts: ["http://10.0.0.38:9200"]
username: "admin"
password: "G7ZSKFM4AQwHQpwA"
# 动态索引命名k8s-环境-应用-日期
index: "k8s-%{[kubernetes.labels.environment]}-%{[kubernetes.labels.app]}-%{+yyyy.MM.dd}"
logging.level: debug
logging.selectors: ["*"]
Reference in New Issue View Git Blame Copy Permalink