一、自定义采集数据标签
自定义标签
tags: [“nginx-access”] 自定义标签为 nginx-access
tags: [“error-access”] 自定义标签为 error-access
自定义字段
fields:
from: nginx-access
itcase: "192.168.168.13"
终端端显示信息
完整的一个 自定义标签、自定义字段的 filebeat采集日志
filebeat.inputs:
- type: log
enabled: true
paths:
- /usr/local/nginx/logs/access_json.log
tags: ["nginx-access"] #指定自定义标签
fields: #指定自定义字段
from: nginx-access #字段1
itcase: "192.168.168.13" #字段2
# -------------———----------------- #
setup.template.settings:
index.number_of_shards: 3
# --------------------------------- #
output.logstash:
hosts: ["192.168.168.12:5044"]
pretty: true
enable: true
logstash 引用标签,对索引进行输出
input {
beats {
host => "0.0.0.0"
port => 5044
}
}
output {
if "nginx-access" in [tags] {
stdout { codec => rubydebug }
}
if "nginx-error" in [tags] {
stdout { codec => rubydebug }
}
}
output {
if "nginx-access" in [tags] {
elasticsearch {
hosts => ["192.168.168.11"]
index => "logstash-nginx-access-%{+YYYY.MM.dd}"
}
}
if "nginx-error" in [tags] {
elasticsearch {
hosts => ["192.168.168.11"]
index => "logstash-nginx-error-%{+YYYY.MM.dd}"
}
}
}
二、Filebeat 采集多个日志配置
filebeat.inputs:
- type: log
enabled: true
paths:
- /usr/local/nginx/logs/access_json.log
tags: ["nginx-access"]
fields:
from: nginx-access
itcase: "192.168.168.13"
#fields_under_root: true
# ------- 第二个日志 -----------#
- type: log
enabled: true
paths:
- /usr/local/nginx/logs/error_json.log
tags: ["nginx-error"]
fields:
from: nginx-error
itcase: "192.168.168.13"
1167
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
