filebeat+es+kibana搭建攻略

1.首先多索引的filebeat.yml配置如下

并且采集的时候多行日志处理成一行：

multiline.pattern: ^\[  不以[开头的都被合并到上一行
multiline.negate: true 不匹配pattern的都合并到上一行
multiline.match: after 合并到上一行的末尾

filebeat.inputs:

- type: log

  paths:
    - /admin/logs/deviceserver.js/biz*.log
  fields:
    index: 'biz'
  multiline.pattern: ^\[
  multiline.negate: true
  multiline.match: after

- type: log
  paths:
    - /admin/logs/deviceserver.js/deviceserver*.log
  fields:
    index: 'device'
  multiline.pattern: ^\[
  multiline.negate: true
  multiline.match: after
#============================= Filebeat modules ===============================

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false
#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 1

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch: