版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/sinat_34233802/article/details/68942465
#filebeat
#配置
- input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /var/log/**.log
- /var/log/**/**.log #filebeat不支持自动匹配目录及子目录
ignore_older: 1m #忽略以前文件
output.logstash:
# The Logstash hosts
hosts: ["localhost:5046"]
#启动
./filebeat -e -c filebeat.yml
#data目录下回记录日志文件的offset
#logstash
#配置
input {
beats {
port =>5046
}
}
filter {
mutate {
gsub => [
"source" , "^(\/[^\/^]+){2}/","" ] #数字2可设置为想过滤的文件夹层级,正则替换
}
}
output {
file {
path => "/tmp/file-to-log/%{source}"
codec => line {
format => "%{message}" #以原始内容保存,去掉传输过程中的增加字段
}
}
}
#启动
./logstash -f test-filebeat.conf