filebeat多个key

filebeat.prospectors:
- type: log
paths:
- D:\logs\iis\W3SVC2\*.log
exclude_lines: ['^#']
multiline:
pattern: '^20'
negate: true
match: after
fields:
system: qpg-zddd-iis
servicename: iis-16
level: info
- type: log
paths:
- D:\logs\KYERPAPI-8080\GZTX-ZDDD-IIS1\*\KYERPAPI-8080_info*.txt
encoding: utf-8
exclude_lines: ['^=']
multiline:
pattern: '^info'
negate: true
match: after
fields:
system: qpg-zddd-asmapi
servicename: kyeapi-16
level: info
- type: log
paths:
- D:\logs\KYERPAPI-8080\GZTX-ZDDD-IIS1\*\KYERPAPI-8080_error*.txt
encoding: utf-8
exclude_lines: ['^=']
multiline.pattern: '^error'
multiline.negate: true
multiline.match: after
fields:
system: qpg-zddd-asmapi
servicename: kyeapi-16
level: error
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false

#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 3
#=============================== output =======================================
#输出到kafka
output.kafka:
enabled: true
hosts: ["*******:9092"]
topic: '%{[fields][system]}'

posted @ 2019-01-17 14:39  鸾舞春秋  阅读(403)  评论(0编辑  收藏  举报