filebeat配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
filebeat.prospectors:

- input_type: log
#读取日志的路径
  paths:
    - /opt/export/log/info-xxx.log
  fields:
    log_type: "monitor_log"

  fields_under_root: true
#过滤部分日志
  include_lines: ['Monitor_log']

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["xxx.xxx.xxx.xxx:5043","xxx.xxx.xxx.xxx:5043"]
  loadbalance: true

#================================ Logging =====================================

logging.level: info
logging.to_files: true
logging.to_syslog: false
logging.files:
  path: /opt/export/app/filebeat/logs
  name: mybeat.log
  keepfiles: 5

过滤不包含指定字段的日志, 并仅仅输出到logstash, 也可以直接输出到Elasticsearch

启动命令

  1. 前台启动:关闭窗口连接后自动退出
1
./filebeat -e -c filebeat.yml
  1. 后台启动:
1
nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &
  1. 关闭:
1
kill -9 xxxx