我们需要将不同日志写到不同得elasticsearch得不同index中,但是一台机器只能启动一个filebeat(相对而言)
可以用如下配置
以下配置基于filebeat7.5.0
=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
enabled: true
paths:- /home/S2B/nginx/nginx/logs/access.log
json.keys_under_root: true
json.overwrite_keys: true
fields:
name: nginx-access
- /home/S2B/nginx/nginx/logs/access.log
- type: log
enabled: true
paths:- /home/S2B/nginx/nginx/logs/error.log
fields:
name: nginx-error
- /home/S2B/nginx/nginx/logs/error.log
============================= Filebeat modules ===============================
filebeat.config.modules:
Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
_source.enabled: false
setup.template.name: "log-"
setup.template.pattern: "log-*"
setup.ilm.enabled: false
================================ Outputs =====================================
Configure what output to use when sending the data collected by the beat.
-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
Array of hosts to connect to.
hosts: ["10.129.6.109:9200"]
Optional protocol and basic auth credentials.
protocol: "https"
username: "elastic"
password: "changeme"
username: "elastic"
password: "1q2w3e4r"
index: "log-%{[fields][name]}-%{+yyyy-MM-dd}"
----------------------------- Logstash output --------------------------------
output.logstash:
The Logstash hosts
hosts: ["localhost:5044"]
Optional SSL. By default is off.
List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Certificate for SSL client authentication
ssl.certificate: "/etc/pki/client/cert.pem"
Client Certificate Key
ssl.key: "/etc/pki/client/cert.key"
相当于给不同日志定义个列 叫name通过这个name直接筛选属于哪一个index,并且按天分片。