Kibana 搜索语法 - harrychinese - 博客园
input {
  # Two consumers on the same Kafka broker, one per topic. Each tags its
  # events with a "type" value that the output section uses for routing.
  #
  # NOTE(review): no security_protocol is set, so both consumers use the
  # plugin default (PLAINTEXT): log data crosses the network unencrypted and
  # the broker is not authenticated. If the broker offers a TLS/SASL listener,
  # set security_protocol to "SSL" or "SASL_SSL" with the matching
  # truststore/SASL options.

  # Development logs.
  kafka {
    bootstrap_servers => ["172.25.206.201:9092"]
    topics            => ["elk_devlog"]
    group_id          => "snmp-consumer-group-2"
    client_id         => "ciphermachine-1"
    auto_offset_reset => "latest"   # with no committed offset, start at the newest message
    type              => "devlog"
  }

  # Production syslog (the topic the Filebeat config further down the page writes to).
  kafka {
    bootstrap_servers => ["172.25.206.201:9092"]
    topics            => ["prd_syslog"]
    group_id          => "sys-consumer-group-2"
    client_id         => "ciphermachine-2"
    auto_offset_reset => "latest"
    type              => "syslog"
  }
}
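output {
  # Route events to an Elasticsearch index according to the "type" value set
  # by the kafka inputs.
  #
  # The two conditionals must be siblings. In the original listing the
  # "devlog" test sat inside the "syslog" branch, so it could never be true
  # and devlog events were silently dropped (no output matched them).
  #
  # NOTE(review): hosts are given without scheme, user or password, so
  # Logstash talks to Elasticsearch over plain HTTP and unauthenticated. On a
  # cluster with security enabled, use https:// hosts plus the plugin's
  # user/password and CA settings, and give the Logstash account write access
  # to these index patterns only.
  if [type] == "syslog" {
    elasticsearch {
      hosts => ["172.25.156.73:9200","172.25.156.74:9200","172.25.156.75:9200"]
      index => "prd-syslog-%{+YYYY.MM.dd}"
    }
  } else if [type] == "devlog" {
    elasticsearch {
      hosts => ["172.25.156.73:9200","172.25.156.74:9200","172.25.156.75:9200"]
      # NOTE(review): [@metadata][beat] and [@metadata][version] are filled in
      # by the beats input; events read through the kafka input presumably do
      # not carry them unless a filter sets them, in which case the index name
      # keeps the literal %{...} text. Confirm before relying on this pattern.
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
  }
}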
[root@rz135151 ~]# cat /tmp/filebeat.yml
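# Filebeat: tail local log files and publish each line to the Kafka topic
# consumed by the Logstash "syslog" input.
filebeat.inputs:
  - type: log
    # The option is spelled "enabled"; the original "enable" is not a
    # Filebeat setting.
    enabled: true
    paths:
      - /var/log/*.log
      # Also matches every file covered by the *.log pattern above.
      - /var/log/*log
      - /var/log/messages

# NOTE(review): these globs can pick up authentication and audit logs, and the
# output below has no ssl.* or username/password settings, so that data goes
# to the broker unencrypted and unauthenticated. Enable TLS/SASL on the Kafka
# output if the broker supports it, and narrow the paths to what is needed.
output.kafka:
  enabled: true
  hosts: ["172.25.206.201:9092"]
  topic: prd_syslog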