例子
1】filebeat-->elasticsearch
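# Filebeat -> Elasticsearch: tail two application log files and ship them
# into a custom daily index (test-log-YYYY.MM.DD).
# Nesting restored: YAML is indentation-sensitive, and with every key at
# column 0 the input options are no longer part of the list item.
filebeat.inputs:
  - type: log
    paths:
      - /app/logs/access.log
      - /app/logs/error.log
    # Multiline: with negate=true and match=after, every line that does NOT
    # match the pattern (i.e. does not start with '[') is appended to the
    # preceding line that did match.
    multiline.pattern: '^\['
    multiline.negate: true
    multiline.match: after

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1

output.elasticsearch:
  # NOTE(review): plain http:// and no credentials. Log events (which often
  # contain client IPs, URLs, tokens or stack traces) cross the network in
  # cleartext, and this only works against a cluster that accepts
  # unauthenticated writes. Outside an isolated lab, use an https:// host
  # together with ssl.certificate_authorities and username/password or
  # api_key, and keep the secret in the Filebeat keystore instead of this
  # file.
  hosts: ["http://192.168.1.1:9200"]
  index: "test-log-%{+yyyy.MM.dd}"

# A custom index name requires a matching template name and pattern.
setup.template.name: "test-log"
setup.template.pattern: "test-log-*"
# The custom index setting is ignored while ILM is enabled, so it is turned
# off here.
setup.ilm.enabled: false

processors:
  # These enrich every event with host details (name, addresses, OS) and
  # cloud instance metadata; restrict read access to the index accordingly.
  - add_host_metadata: ~
  - add_cloud_metadata: ~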
test-log:自定义索引名
非字符 [ 开头的行,合并到上一行
# Nested form of the dotted multiline.* keys: lines that do not begin with
# '[' are treated as continuations and appended to the previous line.
multiline:
  pattern: '^\['
  negate: true
  match: after
非 2015-08-24 格式开头的行,合并到上一行。
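# Lines that do not begin with a date such as 2015-08-24 are appended to the
# previous line.
# The pattern must start with the character class [0-9]; written as '^\[0-9]'
# the backslash makes '[' a literal bracket, so no date-prefixed line would
# ever match and every line would be folded into the one before it.
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after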