filebeat.inputs:
- type: log #默认log,从日志文件读取每一行。stdin,从标准输入读取
paths:
- /data/log/service-thymeleaf.log
multiline.pattern: '^d{4}-d{2}-d{2}sd{2}:d{2}:d{2}' #匹配的正则
multiline.negate: true #多行匹配模式后配置的模式是否取反,默认false
multiline.match: after #定义多行内容被添加到模式匹配行之后还是之前,默认无,可以被设置为after或者before
fields:
index: "service-thymeleaf"
- type: log #默认log,从日志文件读取每一行。stdin,从标准输入读取
paths:
- F:/test/service-es.log
multiline.pattern: '^d{4}-d{2}-d{2}sd{2}:d{2}:d{2}' #匹配的正则
multiline.negate: true #多行匹配模式后配置的模式是否取反,默认false
multiline.match: after #定义多行内容被添加到模式匹配行之后还是之前,默认无,可以被设置为after或者before
fields:
index: "service-es"
setup.template.name: "my-log"
setup.template.pattern: "my-log-*"
output.elasticsearch:
hosts: ["localhost:9200"]
indices:
- index: "service-thymeleaf-%{+yyyy.MM.dd}"
when.contains:
fields:
index: "service-thymeleaf"
- index: "service-es-%{+yyyy.MM.dd}"
when.contains:
fields:
index: "service-es"
pipeline: "timestamp-pipeline-id"
document_type: log #该type会被添加到type字段,对于输出到ES来说,这个输入时的type字段会被存储,默认log
max_retries: 3 #ES重试次数,默认3次,超过3次后,当前事件将被丢弃