filebeat采集log日志，并自定义索引

filebeat配置：

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

# filestream is an input for collecting log messages from files.
- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /home/elk/logs/info.log
  fields: 
    source: info
- type: log
  enabled: true
  paths: 
    - /home/elk/logs/error.log
  fields: 
    source: error

自定义模板设置

setup.template.enabled: false
setup.template.name: "spring"
setup.template.pattern: "spring-*"
setup.template.overwrite: true
setup.ilm.enabled: false

自定义索引配置：

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.108.200:9200"]
  index: "spring-%{[fields.source]}-*"
  indices:
    - index: "spring-info-%{+yyyyMMdd}" 
      when.equals: 
        fields: 
          source: "info"
    - index: "spring-error-%{+yyyyMMdd}"
      when.equals:
        fields: 
          source: "error"

输出到ES效果：

 

 如果各索引显示yellow，则设置：

PUT _settings
{
  "index":{
    "number_of_replicas":0
  }
}