• Example: adding extra parameters in Filebeat to distinguish different log sources


    filebeat.yml configuration parameters
    A custom entry, "apache: true", is added under fields, and it then shows up in _source.

    filebeat.inputs:
    - type: log
      enabled: true
      fields:  # note these two lines
        apache: true
      paths:
        - /apache-daily-access.log
     
    output.elasticsearch:
        hosts: ["localhost:9200"]
    

    Result:

    {
            "_index" : "filebeat-7.3.0-2019.09.11-000001",
            "_type" : "_doc",
            "_id" : "637VIG0BJD_DqHjgqvC5",
            "_score" : 1.0,
            "_source" : {
              "@timestamp" : "2019-09-11T14:58:55.902Z",
              "message" : """144.228.123.71 - - [11/Sep/2019:01:52:35 +0000] "GET /category/games HTTP/1.1" 200 117 "/search/?c=Books+Software" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"""",
              "input" : {
                "type" : "log"
              },
              "fields" : {  # note these two lines
                "apache" : true
              },
              "ecs" : {
                "version" : "1.0.1"
              },
              "host" : {
                "name" : "localhost"
              },
              "agent" : {
                "hostname" : "localhost",
                "id" : "c88813ba-fdea-4a98-a0be-468fb53566f3",
                "version" : "7.3.0",
                "type" : "filebeat",
                "ephemeral_id" : "ec3328d6-f7f0-4134-a2b6-8ff0c5141cc5"
              },
              "log" : {
                "offset" : 300352,
                "file" : {
                  "path" : "/Users/liuxg/data/apache-daily-access.log"
                }
              }
            }
          }
    

    You can also add some tags:

    filebeat.inputs:
    - type: log
      enabled: true
      fields:
        apache: true
      tags: ["my-service", "hardware", "test"] # note this line
      paths:
        - /Users/liuxg/data/apache-daily-access.log
     
    output.elasticsearch:
      hosts: ["localhost:9200"]
    

    The tags then appear in _source:

    {
            "_index" : "filebeat-7.3.0-2019.09.11-000001",
            "_type" : "_doc",
            "_id" : "HIHyIG0BJD_DqHjgm0uL",
            "_score" : 1.0,
            "_source" : {
              "@timestamp" : "2019-09-11T15:30:33.163Z",
              "agent" : {
                "id" : "c88813ba-fdea-4a98-a0be-468fb53566f3",
                "version" : "7.3.0",
                "type" : "filebeat",
                "ephemeral_id" : "6fc482b2-fac8-4d79-8ca1-b27ef39cea3d",
                "hostname" : "localhost"
              },
              "log" : {
                "file" : {
                  "path" : "/Users/liuxg/data/apache-daily-access.log"
                },
                "offset" : 11497
              },
              "message" : """164.51.31.185 - - [11/Sep/2019:00:04:15 +0000] "GET /item/giftcards/232 HTTP/1.1" 200 130 "/category/electronics" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"""",
              "tags" : [ # note these lines
                "my-service",
                "hardware",
                "test"
              ],
              "input" : {
                "type" : "log"
              },
              "fields" : {
                "apache" : true
              },
              "ecs" : {
                "version" : "1.0.1"
              },
              "host" : {
                "name" : "localhost"
              }
            }
          }
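
An added example (not from the original article) that extends the single-input configuration above to two inputs, each labelled with its own fields and tags, and routes events to separate indices based on those labels. The second input, both paths, the index names and the ILM/template settings are assumptions for illustration.

```yaml
filebeat.inputs:
# Source 1: Apache access log, labelled as in the article
- type: log
  enabled: true
  fields:
    apache: true
  tags: ["web"]
  paths:
    - /var/log/example/apache-daily-access.log   # assumed path

# Source 2: hypothetical application log with a different label
- type: log
  enabled: true
  fields:
    app: "auth"          # string value, matched with when.equals below
  tags: ["auth"]
  paths:
    - /var/log/example/auth-service.log          # assumed path

# Assumption: ILM is turned off so the custom index names below are used,
# and the template pattern is widened to cover them.
setup.ilm.enabled: false
setup.template.name: "filebeat"
setup.template.pattern: "filebeat-*"

output.elasticsearch:
  hosts: ["localhost:9200"]
  indices:
    # Events tagged "web" (the Apache input) go to their own index
    - index: "filebeat-apache-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "web"
    # Events whose custom field fields.app is "auth" go to another index
    - index: "filebeat-auth-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.equals:
        fields.app: "auth"
  # Events matching neither rule fall back to the default filebeat index
```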
    
  • Original article: https://www.cnblogs.com/sanduzxcvbnm/p/12848946.html