log-pilot中的filebeat采集tomcat日志多行日志输出修改

1、官网下载或克隆log-pilot项目  github地址:https://github.com/AliyunContainerService/log-pilot

2、修改filebeat.tpl文件

[root@dev-k8s-node03 log-pilot]# ls
log-pilot-master  log-pilot-master.zip
[root@dev-k8s-node03 log-pilot]# pwd
/opt/dockerfile/log-pilot
[root@dev-k8s-node03 log-pilot]# ls
log-pilot-master  log-pilot-master.zip
[root@dev-k8s-node03 log-pilot]# cd log-pilot-master/
[root@dev-k8s-node03 log-pilot-master]# ls
assets  build-image.sh       Dockerfile.fluentd  examples    Gopkg.toml  LICENSE  MAINTAINERS  pilot       README.md
build   Dockerfile.filebeat  docs                Gopkg.lock  hack        main.go  Makefile     quickstart  vendor
[root@dev-k8s-node03 log-pilot-master]# cd assets/f
filebeat/ fluentd/  
[root@dev-k8s-node03 log-pilot-master]# cd assets/filebeat/
[root@dev-k8s-node03 filebeat]# ls
config.filebeat  filebeat.tpl
[root@dev-k8s-node03 filebeat]# cat filebeat.tpl 
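# Filebeat input template: one "type: log" input is rendered for every entry
# in .configList. Keys and values taken from the template data are written
# out verbatim, so the generated YAML is only as trustworthy as that data.
{{range .configList}}
- type: log
  enabled: true
  paths:
      - {{ .HostDir }}/{{ .File }}
  # Added for Tomcat logs: a line that starts with a date (for example
  # 2020-07-19 or 19-Jul-2020) opens a new event; every other line, such as a
  # Java stack-trace frame, is appended to the event before it.
  # The \s and \d escapes are required. Without the backslashes the pattern
  # matches the literal letters "s" and "d", almost no line opens an event,
  # and unrelated log lines are merged until max_lines or the timeout is hit.
  # Event boundaries depend only on line content: a logged value containing a
  # newline followed by a date-like prefix shows up as a separate event, so
  # the application should neutralise CR/LF in anything it logs.
  multiline.pattern: '^\s*(\d{4}|\d{2})-(\d{2}|[a-zA-Z]{3})-(\d{2}|\d{4})'
  # added: lines that do NOT match the pattern are continuation lines
  multiline.negate: true
  # added: continuation lines are appended after the line that matched
  multiline.match: after
  # added: cap on lines merged into one event; lines beyond it are discarded,
  # so a very long trace is truncated rather than growing without bound
  multiline.max_lines: 10000
  # added: flush a pending event after 15s even if no new start line arrived
  multiline.timeout: 15s
  scan_frequency: 10s
  fields_under_root: true
  {{if .Stdout}}
  docker-json: true
  {{end}}
  {{if eq .Format "json"}}
  json.keys_under_root: true
  {{end}}
  # The three loops below write each key and value unquoted.
  # NOTE(review): these maps appear to be filled from per-container settings;
  # confirm in the pilot code who can set them, because a value containing a
  # newline or YAML syntax would change the structure of the generated config.
  fields:
      {{range $key, $value := .CustomFields}}
      {{ $key }}: {{ $value }}
      {{end}}
      {{range $key, $value := .Tags}}
      {{ $key }}: {{ $value }}
      {{end}}
      {{range $key, $value := $.container}}
      {{ $key }}: {{ $value }}
      {{end}}
  # CustomConfigs lands at input level, so its keys are read as Filebeat
  # input options and, being rendered after the multiline settings above,
  # may repeat them. Same review note as for the fields block.
  {{range $key, $value := .CustomConfigs}}
  {{ $key }}: {{ $value }}
  {{end}}
  tail_files: false
  close_inactive: 2h
  close_eof: false
  close_removed: true
  clean_removed: true
  close_renamed: false

{{end}}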
[root@dev-k8s-node03 filebeat]# 

3、重新构建镜像(可选:重命名镜像,并推送到自己的私有仓库)

[root@dev-k8s-node03 log-pilot-master]# cat build-image.sh 
#!/usr/bin/env bash
#
# build docker image
#

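#######################################
# Build the log-pilot image for one collector flavour.
# Arguments: $1 - Dockerfile suffix; Dockerfile.<suffix> in the current
#                 directory is used as the build file
# Outputs:   a progress line on stdout, followed by the docker build output
# Returns:   the exit status of docker build
#######################################
build()
{
    # One definition of the tag, so the progress message always names the
    # image that is really built (it used to print "log-pilot:latest").
    local image="registry.cn-xxxxxx.com/base-images/log-pilot:v0.9.7-filebeat-multiline"

    printf 'building image: %s\n\n' "$image"

    # The build context is the current checkout ("."): build from a reviewed,
    # pinned commit rather than a moving branch so the pushed tag is
    # reproducible. The suffix is quoted so that whitespace or glob characters
    # in it cannot split into extra docker arguments or expand to file names.
    docker build -t "$image" -f "Dockerfile.$1" .
}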

# Dispatch on the first command-line argument: "fluentd" builds the fluentd
# flavour; anything else, including no argument at all, builds filebeat.
if [[ "$1" == "fluentd" ]]; then
    build fluentd
else
    build filebeat
fi
[root@dev-k8s-node03 log-pilot-master]# ./build-image.sh 
[root@dev-k8s-node03 log-pilot-master]# docker push registry.cn-xxxxxxx.com/base-images/log-pilot:v0.9.7-filebeat-multiline

  

原文地址:https://www.cnblogs.com/chenjinxi/p/13340693.html