当测试环境的日志类型有多个时,比如,NGINX,jar包日志,等等,用filebeat采集日志时可以设置多个字段,编辑filebeat.yml
filebeat.inputs: - type: log enabled: true paths: - /var/log/nginx/access.log encoding: GB2312 fields: type: www_access - type: log paths: - /var/log/nginx/io.error.log encoding: GB2312 fields: type: www_error - type: log paths: - /var/log/nginx/doc.access.log encoding: GB2312 fields: type: doc_access # ============================== Filebeat modules ============================== filebeat.config.modules: # Glob pattern for configuration loading path: ${path.config}/modules.d/*.yml # Set to true to enable config reloading reload.enabled: false # Period on which files under path should be checked for changes #reload.period: 10s # ======================= Elasticsearch template setting ======================= setup.template.settings: index.number_of_shards: 1 #index.codec: best_compression #_source.enabled: false # =================================== Kibana =================================== # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. # This requires a Kibana endpoint configuration. setup.kibana: # Kibana Host # Scheme and port can be left out and will be set to the default (http and 5601) # In case you specify and additional path, the scheme is required: http://localhost:5601/path # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 host: "192.168.**:5601" # ---------------------------- Elasticsearch Output ---------------------------- output.elasticsearch: # Array of hosts to connect to. hosts: ["192.168.**:9200"] # ================================= Processors ================================= processors: - add_host_metadata: when.not.contains.tags: forwarded - add_cloud_metadata: ~ - add_docker_metadata: ~ - add_kubernetes_metadata: ~