Beat的简单使用
Filebeat配置
Output
常见日志格式封装
简单使用filebeat格式化nginx日志
Filebeat的配置:
# 修改filebeat.yml
# vim filebeat.yml
filebeat.prospectors:
- input_type: stdin
paths:
- /var/log/*.log
output.console:
pretty: true
output.elasticsearch:
hosts: ["localhost:9200"]
测试输入两条数据
Nginx日志示例:
[root@es01 filebeat-5.6.4-linux-x86_64]# head -3 account.log
realip:- -- slbip:1.1.1.1 - - [28/Apr/2019:20:10:25 +0800] - - "GET /api/v2/accounts?brand=filmora&product=null&platform=win&zone=intl&lang=en-us&callback=filmora.WSVEClientFunction&redirect=&web=&country=PHL&success=&remember=1&account_type=email&account_keep=&alt=&client=d35ba1ad127348a1b68824d1b5f28dc2&verify=&app_key=null&oauth_type=6&action=login&prev_route=&uid=&avatar=https%3A%2F%2Flh5.googleusercontent.com%2F-li6bKNTlIZY%2FAAAAAAAAAAI%2FAAAAAAAAACI%2FLejp5PZC4mY%2Fphoto.jpg&oauth_id=112094094530982103189&token=&operate_type=check_email&email=dariusfumera4%40gmail.com HTTP/1.1" 200 56 "https://account.wondershare.com/auth/account" "CEF3.3538.1852.win64/QCefView 1.0 (Windows; en-us) wondershare_filmora_win" 0.032
realip:- -- slbip:1.1.1.1 - - [28/Apr/2019:20:10:25 +0800] - - "GET /api/v2/tokens HTTP/1.1" 200 59 "-" "Wondershare%20Filmora/8.7.6 CFNetwork/811.11 Darwin/16.7.0 (x86_64)" 0.009
realip:- -- slbip:1.1.1 - - [28/Apr/2019:20:10:25 +0800] - - "GET /api/v2/resources?app_key=80d35a7ee5e9479819205f32ba13ede6&brand_id=1&limit=500&operate_type=get_order_list&product_id=846%2C718×tamp=1556453425&uid=210198047&sign=2371f4f01c31f5078736e5b1b3fa19ca HTTP/1.1" 200 668 "-" "-" 0.057
# 将这几条数据格式化输出
[root@es01 filebeat-5.6.4-linux-x86_64]# head -n 3 account.log |./filebeat -e -c filebeat.yml
