filebeat一台主机多项目得配置

我们需要将不同日志写到不同得elasticsearch得不同index中，但是一台机器只能启动一个filebeat（相对而言）
可以用如下配置
以下配置基于filebeat7.5.0

=========================== Filebeat inputs =============================

filebeat.inputs:

• type: log
  enabled: true
  paths:
  • /home/S2B/nginx/nginx/logs/access.log
    json.keys_under_root: true
    json.overwrite_keys: true
    fields:
    name: nginx-access
• type: log
  enabled: true
  paths:
  • /home/S2B/nginx/nginx/logs/error.log
    fields:
    name: nginx-error

============================= Filebeat modules ===============================

filebeat.config.modules:

Glob pattern for configuration loading

path: ${path.config}/modules.d/*.yml

==================== Elasticsearch template setting ==========================

setup.template.settings:
index.number_of_shards: 1

index.codec: best_compression

_source.enabled: false

setup.template.name: "log-"
setup.template.pattern: "log-*"
setup.ilm.enabled: false

================================ Outputs =====================================

Configure what output to use when sending the data collected by the beat.

-------------------------- Elasticsearch output ------------------------------

output.elasticsearch:

Array of hosts to connect to.

hosts: ["10.129.6.109:9200"]

Optional protocol and basic auth credentials.

protocol: "https"

username: "elastic"

password: "changeme"

username: "elastic"
password: "1q2w3e4r"
index: "log-%{[fields][name]}-%{+yyyy-MM-dd}"

----------------------------- Logstash output --------------------------------

output.logstash:

The Logstash hosts

hosts: ["localhost:5044"]

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

ssl.key: "/etc/pki/client/cert.key"

相当于给不同日志定义个列 叫name通过这个name直接筛选属于哪一个index，并且按天分片。