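Software version: 7.15.0
Runtime environment: CentOS 7.8.2003, Docker version 20.10.6.
Scenario/context: I configured Filebeat to take container logs as input and output them to ES, but found that no new index was created at 0:00. After investigating, I found that the time in the document's _source.@timestamp field is eight hours behind (as shown in the screenshot). Has anyone run into this problem, and how did you solve it?
The contents of the filebeat.yml configuration file are as follows: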
# ============================== Filebeat inputs ===============================
filebeat.inputs:
- type: container
  enabled: true
  paths:
    - '/var/lib/docker/containers/*/*.log'
# ============================== Filebeat modules ==============================
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
# ======================= Elasticsearch template setting =======================
setup.template.settings:
  index.number_of_shards: 1
setup.template.name: "abcd"
setup.template.pattern: "abcd-*"
setup.ilm.enabled: false
# =================================== Kibana ===================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
# ================================== Outputs ===================================
# Configure what output to use when sending the data collected by the beat.
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.10.10.10:9200"]
  username: "elastic"
  password: "changeme"
  index: "abcd-%{[agent.version]}-%{+yyyy.MM.dd}"
# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
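
An added example, not part of the original post: Filebeat writes @timestamp in UTC, and the `%{+yyyy.MM.dd}` part of the index name is taken from that UTC value, so on a host eight hours ahead of UTC the daily index changes at 08:00 local time rather than at midnight. The sketch below mirrors the `index` setting from the config above; the UTC+8 zone, the helper names and the sample timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed host time zone (UTC+8), inferred from the eight-hour gap in the post.
LOCAL_TZ = timezone(timedelta(hours=8))

def parse_es_timestamp(value: str) -> datetime:
    """Parse an @timestamp string as Elasticsearch returns it (trailing 'Z' means UTC)."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def index_for(ts: datetime, version: str = "7.15.0") -> str:
    """Mirror index: "abcd-%{[agent.version]}-%{+yyyy.MM.dd}" with the date read in UTC."""
    return f"abcd-{version}-{ts.astimezone(timezone.utc):%Y.%m.%d}"

def local_rollover(tz: timezone) -> str:
    """Local wall-clock time at which the UTC date, and so the daily index, changes."""
    utc_midnight = datetime(2021, 10, 13, tzinfo=timezone.utc)
    return utc_midnight.astimezone(tz).strftime("%H:%M")

def explain(value: str, tz: timezone = LOCAL_TZ) -> dict:
    """Show one stored timestamp next to its local reading and target index."""
    ts = parse_es_timestamp(value)
    return {
        "stored": value,
        "local": ts.astimezone(tz).isoformat(timespec="seconds"),
        "index": index_for(ts),
    }

# Constructed sample @timestamp values around local midnight and UTC midnight.
SAMPLES = [
    "2021-10-12T15:59:59.000Z",  # 23:59:59 local on the 12th
    "2021-10-12T16:00:01.000Z",  # 00:00:01 local on the 13th, same index as before
    "2021-10-13T00:00:00.000Z",  # 08:00:00 local on the 13th, first event in the new index
]

if __name__ == "__main__":
    for sample in SAMPLES:
        row = explain(sample)
        print(f'{row["stored"]}  local={row["local"]}  index={row["index"]}')
    print("daily index changes at", local_rollover(LOCAL_TZ), "local time")
```

The stored value is the same instant as the local time; only its rendering differs, which matters when correlating these logs with host-local records during an investigation.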
1 reply
hgditren