#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
enabled: true #默认为false,修改为true则启用该配置
paths:
- /home/logs/*.log
fields:
filetype: test1 #自定义字段,用来区分多个类型日志
fields_under_root: true #如果该选项设置为true,则新增fields成为顶级目录,而不是将其放在fields目录下
#============================= Filebeat modules ===============================
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 1
#index.codec: best_compression
#_source.enabled: false
#================================ Outputs =====================================
#直接将log数据传输到Elasticsearch
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["localhost:9200"]
username: "elastic"
password: "elastic"
#----------------------------- Logstash output --------------------------------
#将log数据传输到logstash
#先启动logstash,不然的话filebeat会找不到logstash的5044端口
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]