filebeat.yml配置

#=========================== Filebeat inputs =============================

filebeat.inputs:

- type: log
  enabled: true     #默认为false,修改为true则启用该配置
  paths:
    - /home/logs/*.log
  fields:
    filetype: test1    #自定义字段，用来区分多个类型日志
  fields_under_root: true    #如果该选项设置为true，则新增fields成为顶级目录，而不是将其放在fields目录下

#============================= Filebeat modules ===============================

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false

#================================ Outputs =====================================
#直接将log数据传输到Elasticsearch
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]
  username: "elastic"
  password: "elastic"

#----------------------------- Logstash output --------------------------------
#将log数据传输到logstash
#先启动logstash，不然的话filebeat会找不到logstash的5044端口
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]