filebeat 监控多个文件,并且写入不同 index的 elasticsearch中

filebeat.yml 的配置

#====================== input =================
filebeat.inputs:
- type: log
enabled: true
paths:
-
/home/www/test/logs/*/*/info.log
tags: ["codeflag-info-log"]
fields:
index: 'codeflag-test-info'
- type: log
enabled: true
paths:
-
/home/www/test/logs/*/*/error.log
json.keys_under_root: true
tags: ["codeflag-error_log"]
fields:
index: 'codeflag-test-error'
- type: log
enabled: true
paths:
-
/home/www/test/logs/*/*/service.log
json.keys_under_root: true
tags: ["codeflag-service_log"]
fields:
index: 'codeflag-test-service'
- type: log
enabled: true
paths:
-
/home/www/prod/logs/api/*/info.log
tags: ["codeflag-info-log"]
fields:
index: 'codeflag-prod-info'
- type: log
enabled: true
paths:
-
/home/www/prod/logs/api/*/error.log
json.keys_under_root: true
tags: ["codeflag-error_log"]
fields:
index: 'codeflag-prod-error'
- type: log
enabled: true
paths:
-
/home/www/prod/logs/api/*/service.log
json.keys_under_root: true
tags: ["codeflag-service_log"]
fields:
index: 'codeflag-prod-service'
#================ output =====================
output.elasticsearch:
hosts: ["172.18.0.219:9200"]
indices:
- index: "codeflag-test-info"
when.contains:
fields:
index: 'codeflag-test-info'
- index: "codeflag-test-error"
when.contains:
fields:
index: 'codeflag-test-error'
- index: "codeflag-test-service"
when.contains:
fields:
index: 'codeflag-test-service'
- index: "codeflag-prod-info"
when.contains:
fields:
index: 'codeflag-prod-info'
- index: "codeflag-prod-error"
when.contains:
fields:
index: 'codeflag-prod-error'
- index: "codeflag-prod-service"
when.contains:
fields:
index: 'codeflag-prod-service'
#============== Elasticsearch template setting ==========
setup.template.name: "codeflag"
setup.template.pattern: "codeflag-*"
#setup.template.overwrite: false
setup.template.enabled: true
setup.kibana:
host: "172.18.0.219:80"
#================== processors config ===================
processors:
- drop_fields:
fields: ["input_type", "offset", "beat.name","beat.version","beat.hostname","input.type","prospector.type","log.file.path"]

相关参考：

加载Elasticsearch索引模板     
https://www.cnblogs.com/qinwengang/p/10980871.html

官方文档
https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html

最后

以上就是传统铅笔为你收集整理的filebeat 监控多个文件,并且写入不同 index的 elasticsearch中的全部内容，希望文章能够帮你解决filebeat 监控多个文件,并且写入不同 index的 elasticsearch中所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错，欢迎将靠谱客网站推荐给程序员好友。