Filebeat相关的操作和配置 _filebeat

宁可枝头抱香死，何曾吹落北风中。这篇文章主要讲述Filebeat相关的操作和配置相关的知识，希望能为你提供帮助。
1、Filebea

cat/etc/filebeat/filebeat-k8s.ymlfilebeat.inputs: - type: log enabled: true json.keys_under_root: true json.overwrite_keys: true paths: - /var/log/cd/*/*/access.log fields: log_topics: access tags: ["k8s-accesslog"] field_under_root: true - type: log enabled: true paths: - /var/log/cd/*/*/catalina.out tags: ["k8s-catalina"] fields: log_topics: catalina multiline.pattern: ^[0-9] multiline.negate: true multiline.match: after - type: log enabled: true paths: - /var/log/cd/*/*/applog/error.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: error tags: ["k8s-error"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/warn.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: warn tags: ["k8s-warn"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/info.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: info tags: ["k8s-info"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/app_*.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: app tags: ["k8s-app"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/security_*.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: security tags: ["k8s-security"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/api.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: api tags: ["k8s-api"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/client.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: client tags: ["k8s-client"] - type: log enabled: true paths: - /var/log/cd/*/*/applog/track_*.log tail_files: true json.keys_under_root: true json.overwrite_keys: true fields: log_topics: track tags: ["k8s-track"] processors: - dissect: tokenizer: "/var/log/cd/%podid/%appid/access.log" field: "source" target_prefix: "" - drop_fields: fields: ["beat.name","beat.hostname","input.type"] - dissect: tokenizer: "/var/log/cd/%podid/%appid/catalina.out" field: "source" target_prefix: "" - drop_fields: fields: ["beat.name","beat.hostname","input.type"] - dissect: tokenizer: "/var/log/cd/%podid/%appid/applog/%filename.log" field: "source" target_prefix: "" - drop_fields: fields: ["beat.name","beat.hostname","input.type"]output.kafka: enabled: true hosts: ["172.21.164.59:9092","172.21.147.215:9092","172.21.243.86:9092"] topic: k8s-%[fields.log_topics]max_procs: 1

3、配置filbeat-kids系统启动服务
cd /usr/lib/systemd/system/
cp filebeat.service filebeat-kids.service
vim filebeat-kids.service
[Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/products/beats/filebeat
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/share/filebeat/bin/filebeat -c/etc/filebeat/filebeat-kidsvim fi.yml-path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
Restart=always
[Install]
WantedBy=multi-user.target
【Filebeat相关的操作和配置】4、创建启动服务
systemctl enable filebeat-kids.service
systemctl start filebeat-kids.service
systemctl status filebeat-kids.service