ELK+Filebeat (2)
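Collecting different logs from multiple machines with ELK+Filebeat
Pitfall: after moving to version 6.0 of ELK, with the configuration above, `if [type]` no longer matched the string defined with document_type in Filebeat. After repeated debugging and asking around, I found that the document_type setting was removed in version 6.0 and later. To get the same result, the only option is the configuration below.
Logstash configuration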
[root@Kibana ~]# cat /usr/local/logstash/conf.d/beats.conf
input {
  beats {
    port => 5044
  }
}

# Route each event to a per-service daily index, keyed on the
# custom fields.service value that Filebeat attaches to the event.
output {
  if [fields][service] == 'Tomcat' {
    elasticsearch {
      hosts => ["192.168.1.202:9200"]
      index => "tomcat-%{+YYYY.MM.dd}"
    }
  }
  if [fields][service] == 'Auth' {
    elasticsearch {
      hosts => ["192.168.1.202:9200"]
      index => "auth-%{+YYYY.MM.dd}"
    }
  }
  if [fields][service] == 'App' {
    elasticsearch {
      hosts => ["192.168.1.202:9200"]
      index => "app-%{+YYYY.MM.dd}"
    }
  }
  if [fields][service] == 'microservice' {
    elasticsearch {
      hosts => ["192.168.1.202:9200"]
      index => "microservice-%{+YYYY.MM.dd}"
    }
  }
}
Filebeat configuration
[root@mos-node1 filebeat]# cat filebeat.yml
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/uusafe/*/*/server.log
  # Drop debug lines and empty lines before shipping
  exclude_lines: ["^DBG","^$"]
  # Custom field that Logstash matches on as [fields][service]
  fields:
    service: microservice
output.logstash:
  hosts: ["192.168.1.197:5044"]
  enabled: true
  worker: 1
  compression_level: 3
  loadbalance: true
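In the Logstash output above, an event whose fields.service is missing or matches none of the four strings is sent to no output at all, so a typo in one host's filebeat.yml makes that host's logs disappear without an error. The variant below is an added example, not the original author's configuration: it routes on the same field but sends anything unrecognised to a catch-all index. The `[@metadata][index_prefix]` field and the `unrouted` index name are assumptions chosen for illustration, and matching here is case-insensitive, unlike the original.

```logstash
input {
  beats {
    port => 5044
  }
}

filter {
  if [fields][service] {
    # Copy the shipper-supplied value into @metadata (not indexed).
    mutate {
      add_field => { "[@metadata][index_prefix]" => "%{[fields][service]}" }
    }
    # Elasticsearch index names must be lowercase ("Tomcat" -> "tomcat").
    # Separate mutate block: add_field is applied after a mutate's own
    # operations, so lowercase in the same block would run too early.
    mutate {
      lowercase => [ "[@metadata][index_prefix]" ]
    }
  }

  # Allowlist of expected services. Missing or unexpected values go to a
  # catch-all index instead of being dropped, and a shipper cannot create
  # arbitrary index names through fields.service.
  if [@metadata][index_prefix] not in ["tomcat", "auth", "app", "microservice"] {
    mutate {
      replace => { "[@metadata][index_prefix]" => "unrouted" }
    }
  }
}

output {
  elasticsearch {
    hosts => ["192.168.1.202:9200"]
    index => "%{[@metadata][index_prefix]}-%{+YYYY.MM.dd}"
  }
}
```

A non-empty `unrouted-*` index is then a direct signal that some shipper is sending events without a recognised fields.service value.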