1.收集多日志到ES
1)方式一:
[root@web01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enable: true
paths:
- /var/log/nginx/access.log
json.keys_under_root: true
json.overwrite_keys: true
- type: log
enable: true
paths:
- /var/log/messages
output.elasticsearch:
hosts: ["10.0.0.51:9200"]
indices:
- index: "nginx_%{+YYYY-MM-dd}"
when.contains:
source: "/var/log/nginx/access.log"
- index: "message_%{+YYYY-MM-dd}"
when.contains:
source: "/var/log/messages"
setup.template.enabled: false
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
2)方式二:
[root@web01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enable: true
paths:
- /var/log/nginx/access.log
json.keys_under_root: true
json.overwrite_keys: true
tags: ["nginx"]
- type: log
enable: true
paths:
- /var/log/messages
tags: ["messages"]
output.elasticsearch:
hosts: ["10.0.0.51:9200"]
indices:
- index: "nginx_%{+YYYY-MM-dd}"
when.contains:
tags: "nginx"
- index: "message_%{+YYYY-MM-dd}"
when.contains:
tags: "messages"
setup.template.enabled: false
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"