Filebeat example 06: collecting Redis logs with multiline merging

ES cluster addresses

10.0.0.91:9200
10.0.0.92:9200
10.0.0.93:9200

Enable the module

root@elk92:~# filebeat modules enable redis

Official documentation for multiline matching

https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

Filebeat example

# Write the example collection config file
root@elk92:~# vim /etc/filebeat/config/06-filestream-redis-to-es.yaml
filebeat.inputs:
- type: filestream
  paths:
    - /var/log/redis/redis-server.log*
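  # Configure the parsers
  parsers:
  # Define multiline matching
  - multiline:
      # Type of matching to use
      type: pattern
      # Pattern to match: a line that starts with a digit
      pattern: '^\d'
      # See the official docs: https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html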
      negate: true
      match: after

#output.console:
#  pretty: true
output.elasticsearch:
  hosts:
  - 10.0.0.91:9200
  - 10.0.0.92:9200
  - 10.0.0.93:9200
  index: dezyan-filestream-mysql-%{+yyyy.MM.dd}

setup.ilm.enabled: false
setup.template.name: "dezyan"
setup.template.pattern: "dezyan-*"


# Start collecting
[root@elk93 ~]# filebeat -e -c /etc/filebeat/config/06-filestream-redis-to-es.yaml
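
How the multiline settings in the config above group lines, shown as an added example (not part of the original post and not Filebeat's own code): a small Python model of pattern / negate / match, run over a constructed Redis startup log. The function names and the sample log lines are assumptions made for illustration.

```python
import re

def merge_multiline(lines, pattern, negate, match):
    """Group lines into events following the multiline pattern/negate/match rules.

    A line is a continuation when (pattern matches) != negate. With
    match="after" continuations attach to the preceding line; with
    match="before" they attach to the following one.
    """
    regex = re.compile(pattern)
    events, current = [], []
    for line in lines:
        continuation = bool(regex.search(line)) != negate
        if match == "after":
            if continuation and current:
                current.append(line)
            else:
                if current:
                    events.append("\n".join(current))
                current = [line]
        elif match == "before":
            current.append(line)
            if not continuation:
                events.append("\n".join(current))
                current = []
        else:
            raise ValueError("match must be 'after' or 'before'")
    if current:
        events.append("\n".join(current))
    return events

# Constructed sample shaped like a redis-server startup log (not real output).
SAMPLE = [
    "1234:C 24 Mar 2025 16:30:00.001 # Redis is starting",
    "1234:M 24 Mar 2025 16:30:00.003 * Increased maximum number of open files",
    "                _._",
    "           _.-``__ ''-._",
    "      _.-``    `.  `_.  ''-._           Redis (constructed banner)",
    "  `-._    `-.__.-'    _.-'",
    "",
    "1234:M 24 Mar 2025 16:30:00.004 # Server initialized",
    "1234:M 24 Mar 2025 16:30:00.005 * Ready to accept connections",
]

def redis_events(lines=SAMPLE):
    # Same settings as the config above: pattern '^\d', negate: true, match: after
    return merge_multiline(lines, r"^\d", negate=True, match="after")

if __name__ == "__main__":
    for i, event in enumerate(redis_events(), 1):
        print(f"--- event {i} ---\n{event}")
```

To compare against what Filebeat actually emits, switch the config to the commented-out output.console block and run the same filebeat command.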
posted @ 2025-03-24 16:31  丁志岩