filebeat收集java日志

  • filebeat.yml

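# Collect Java application logs and tag every event with host metadata.
filebeat.inputs:
- type: log
  enabled: true
  # `paths` is a list of glob patterns, one item per pattern.
  paths:
  - /usr/local/java/logs/*.log
  # Static fields added to every event from this input (values are placeholders).
  fields:
    public_ip: 'x.x.x.x'
    private_ip: 'x.x.x.x'
    env: prod
    server_type: xxx
  # Put the custom fields at the event root instead of under `fields.`.
  # Custom names at the root overwrite any Filebeat field with the same name,
  # so keep them distinct from the fields Filebeat adds itself.
  fields_under_root: true
  # A new log entry starts with a date (yyyy-MM-dd); all microservices log this way.
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  # Lines that do NOT start with a date are continuation lines ...
  multiline.negate: true
  # ... and are appended to the preceding line that did match.
  multiline.match: after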

# Ship events to Logstash for processing. Only one output may be enabled at a time.
# NOTE(review): no `ssl.*` options are set, so log events (which may contain
# sensitive application data) cross the network unencrypted. Consider enabling
# TLS on the Logstash beats input and setting `ssl.certificate_authorities` here.
output.logstash:
  hosts:
  - "192.168.0.134:4560"

# Alternative when no processing is needed: write directly to Elasticsearch.
# Keep the password out of this file: store it with `filebeat keystore add ES_PWD`
# and reference it as below. Prefer a dedicated publishing user with only the
# privileges Filebeat needs over the `elastic` superuser.
#output.elasticsearch:
#  hosts: ["192.168.0.134:9200"]
#  username: "elastic"
#  password: "${ES_PWD}"

多日志文件,根据文件名生成不同的索引

# Single log input; the custom `log_source` field is placed at the event root.
filebeat.inputs:
  - type: log
    enabled: true
    # Glob of the files to harvest.
    paths:
      - '/path/to/logs/*.log'
    # Static field added to every event from this input.
    fields:
      log_source: custom
    # Store the custom fields at the top level rather than under `fields.`.
    fields_under_root: true

# Processors are applied to every event before it is handed to the output.
processors:
  # Add a constant `index_prefix` field; the empty target puts it at the event root.
  - add_fields:
      target: ''
      fields:
        index_prefix: myindex

  # Extract the base name of the harvested file from `log.file.path` and store
  # it as `file.file_name` (target_prefix + tokenizer key).
  # NOTE(review): this value is used in the index name further down; Elasticsearch
  # index names must be lowercase, so file names with uppercase or special
  # characters would presumably be rejected at index time. Verify against the
  # real file names.
  - dissect:
      field: 'log.file.path'
      tokenizer: '/path/to/logs/%{file_name}.log'
      target_prefix: 'file'

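# A custom `index` needs a template whose pattern matches it. The previous
# "filebeat-*" pattern did not match the "myindex-..." indices written below,
# so the Filebeat mappings would not have been applied to them.
setup.template.name: "myindex"
setup.template.pattern: "myindex-*"
# NOTE(review): on versions where index lifecycle management is enabled by
# default, the custom `index` below is ignored unless ILM is turned off.
# Confirm for your Filebeat version before uncommenting.
#setup.ilm.enabled: false

output.elasticsearch:
  # NOTE(review): plain HTTP with no credentials only suits a local test node
  # with security disabled. Otherwise use https and credentials taken from the
  # Filebeat keystore.
  hosts: ["http://localhost:9200"]
  # One index per source file and day: <index_prefix>-<file name>-<yyyy.MM.dd>.
  index: "%{[index_prefix]}-%{[file.file_name]}-%{+yyyy.MM.dd}"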
