filebeat收集日志到Elasticsearch,生成Data Stream正常的,索引不对,试过好几种配置都不行
source: monitor-api
multiline:
pattern: ^\d{4}\-\d{2}\-\d{2}
negate: true
match: after
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.ilm.enabled: false
setup.template:
name: 'logs'
pattern: 'logs-*'
enabled: false
setup.template.settings:
index.number_of_shards: 1
output.elasticsearch:
# 定义ES的IP:PORT
hosts: ["192.168.0.223:9200"]
index: "logs-monitor-api-%{+yyyy-MM-dd}"
username: "mlxg"
password: "Mlxg2234"
# 定义模板的相关信息
#setup.template:
# name: '%{[fields.source]}'
# pattern: '%{[fields.source}-*'
# enabled: false
# overwrite: true
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
source: monitor-api
multiline:
pattern: ^\d{4}\-\d{2}\-\d{2}
negate: true
match: after
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.ilm.enabled: false
setup.template:
name: 'logs'
pattern: 'logs-*'
enabled: false
setup.template.settings:
index.number_of_shards: 1
output.elasticsearch:
# 定义ES的IP:PORT
hosts: ["192.168.0.223:9200"]
index: "logs-monitor-api-%{+yyyy-MM-dd}"
username: "mlxg"
password: "Mlxg2234"
# 定义模板的相关信息
#setup.template:
# name: '%{[fields.source]}'
# pattern: '%{[fields.source}-*'
# enabled: false
# overwrite: true
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
2 个回复
kin122
赞同来自:
kin122
赞同来自: