Filebeat实例07-使用多行合并采集tomcat错误日志
ES集群地址
10.0.0.91:9200
10.0.0.92:9200
10.0.0.93:9200
Filebeat实例
root@elk92:~# vim /etc/filebeat/config/07-modules-tomcat-err-to-es.yaml
filebeat.inputs:
- type: filestream
paths:
- /usr/local/apache-tomcat-11.0.5/logs/catalina*
parsers:
- multiline:
type: pattern
pattern: '^\d'
negate: true
match: after
output.elasticsearch:
hosts:
- 10.0.0.91:9200
- 10.0.0.92:9200
- 10.0.0.93:9200
index: dezyan-filestream-tomcat-err-%{+yyyy.MM.dd}
setup.ilm.enabled: false
setup.template.name: "dezyan"
setup.template.pattern: "dezyan-*"
root@elk92:~# filebeat -e -c /etc/filebeat/config/07-modules-tomcat-err-to-es.yaml
本文来自博客园,作者:丁志岩,转载请注明原文链接:https://www.cnblogs.com/dezyan/p/18789670
浙公网安备 33010602011771号