主要filebeat配置:

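# Inputs (log collectors)
filebeat.prospectors:
  # rsync daemon log. It sets no custom fields, so its events match none of
  # the conditional `indices` rules and use the output's default `index`.
  - input_type: log
    paths:
      - /var/log/rsyncd.log
  # System log, tagged so the output can route it to its own index.
  - input_type: log
    paths:
      - /var/log/messages
    # `fields` is a setting of the input itself, not a child of `paths`.
    fields:
      syslog: messages
    # Put `syslog` at the top level of the event (instead of under `fields.`)
    # so that a condition on the key `syslog` can match it.
    fields_under_root: true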

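# Output to Elasticsearch
output.elasticsearch:
  # No scheme is given, so Filebeat talks plain HTTP to these nodes and the
  # username/password below cross the network unencrypted. Where the cluster
  # has TLS enabled, use "https://host:9200" entries and set
  # `ssl.certificate_authorities` so the server certificate is verified.
  hosts: ["10.211.121.75:9200", "10.211.121.73:9200", "10.211.121.74:9200"]
  # Default index, used by every event that matches no rule under `indices`.
  index: "logstashrsync%{+YYYY.MM.dd}"
  indices:
    # Events whose top-level `syslog` field contains "messages" (set by the
    # /var/log/messages input via fields + fields_under_root) go to this index.
    - index: "messages-%{+yyyy.MM.dd}"
      when.contains:
        syslog: messages
  # Credentials are settings of the output, not of an `indices` rule.
  # `elastic` is the built-in superuser: a shipper should authenticate as a
  # dedicated account whose role only allows writing to the indices above.
  username: "elastic"
  # Sample value from the original post. Keep the real password out of this
  # file: reference an environment variable, e.g. "${ES_PWD}", and make the
  # config file readable only by the account that runs Filebeat.
  password: "12345"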

# Filebeat's own log output: record messages at warning severity and above.
logging.level: warning