ELK之filebeat收集多日志并拆分

官方链接:日志拆分

#=========================== Filebeat inputs =============================
# Two log inputs read the same nginx log directory. Each input attaches a tag,
# and the Elasticsearch output further down routes events to an index by tag.
filebeat.inputs:
# Access log: every line is decoded as a JSON object.
# NOTE(review): this assumes nginx writes the access log with a JSON
# log_format - confirm. Request URI, Referer and User-Agent values are
# client-controlled, so the log_format should use escape=json to keep each
# line valid JSON.
- type: log
  enabled: true
  paths:
    - /usr/local/gwt/nginx/logs/*access.log
  tags: ["access"]
  # Place the decoded JSON keys at the top level of the event rather than under
  # a "json" key. Key names in the log line then share a namespace with
  # Filebeat's own fields; json.overwrite_keys is not set in this input.
  json.keys_under_root: true
  # Add an error key to the event when a line fails to decode, so malformed
  # lines stay visible instead of passing unnoticed.
  json.add_error_key: true

# Error log: shipped as plain text lines, with no JSON decoding configured.
- type: log
  enabled: true
  paths:
    - /usr/local/gwt/nginx/logs/*error.log
  tags: ["error"]

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  # NOTE(review): no URL scheme, protocol, credentials or ssl.* settings appear
  # in this section, so events are presumably sent over plain HTTP without
  # authentication - confirm. nginx logs carry client IPs, URLs and query
  # strings; outside an isolated lab, set protocol: "https", configure
  # username/password or api_key (read from the Filebeat keystore rather than
  # written inline) and ssl.certificate_authorities.
  hosts: ["192.168.31.234:9200"]
  # Index selector rules. Filebeat uses the first rule whose condition matches;
  # an event that matches no rule goes to the default index setting.
  indices:
    # %{+yyyy.MM} yields one index per month.
    # NOTE(review): beat.version is the field name used by Filebeat 6.x; from
    # 7.0 the field is agent.version - confirm against the installed version.
    - index: nginx-access-%{[beat.version]}-%{+yyyy.MM}
      when.contains:
        tags: "access"
    - index: nginx-error-%{[beat.version]}-%{+yyyy.MM}
      when.contains:
        tags: "error"

# Index template settings for the custom nginx-* index names used above.
setup.template.name: "nginx-"
setup.template.pattern: "nginx-*"
# Template loading is switched off, so Filebeat does not install its index
# template for nginx-* indices.
# NOTE(review): unless a template is installed some other way, field mappings
# presumably fall back to Elasticsearch dynamic mapping - confirm.
setup.template.enabled: false
# Has no effect while setup.template.enabled is false; it only matters once
# template loading is turned on.
setup.template.overwrite: true
