1、filebeat windows版
filebeat.inputs:
- type: log
enabled: true
paths:
- C:logs*.log
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: "after"
tags: ["winlog"]
output.elasticsearch:
hosts: ["192.168.60.164:9200"]
indices:
- index: "winlog-%{+yyyy.MM}"
when.contains:
tags: "winlog"
2、windows 开机自启,C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
@echo off cd "C:filebeat-7.5.1-windows-x86_64filebeat-7.5.1-windows-x86_64" net start filebeat @pause