Shipping Apache logs to Elasticsearch with Filebeat

1. Configure the Apache log format

LogFormat "{ \
\"@timestamp\": \"%{%Y-%m-%dT%H:%M:%S%z}t\", \
\"@version\": \"1\", \
\"tags\":[\"apache\"], \
\"message\": \"%h %l %u %t \\\"%r\\\" %>s %b\", \
\"clientip\": \"%a\", \
\"duration\": %D, \
\"status\": %>s, \
\"request\": \"%U%q\", \
\"urlpath\": \"%U\", \
\"urlquery\": \"%q\", \
\"bytes\": %B, \
\"method\": \"%m\", \
\"site\": \"%{Host}i\", \
\"referer\": \"%{Referer}i\", \
\"useragent\": \"%{User-agent}i\" \
}" apache_json

 CustomLog "logs/access.log" apache_json

2. filebeat.yml configuration

filebeat.inputs:
- type: log

  # Change to true to enable this prospector configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  encoding: GB2312
  paths:
    - D:\phpStudy\PHPTutorial\Apache\logs\access.log
    #- c:\programdata\elasticsearch\logs\*

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["127.0.0.1:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

  index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"

3. Run

.\filebeat -e -c filebeat.yml
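
The apache_json format in step 1 places request-controlled values (%r, %{Referer}i, %{User-agent}i) inside JSON strings, and Apache writes non-printable bytes in those fields as \xhh and a vertical tab as \v, neither of which is a legal JSON escape, so such lines fail strict JSON decoding downstream. The following is an added example, not part of the original post: it parses lines in this format, repairs those two escapes, and counts what was clean, repaired or dropped. The function names and the abbreviated sample lines are constructed for illustration.

```python
import json
import re

# Apache escapes that are not legal JSON: \xhh (raw byte) and \v.
# Escaped backslashes (\\) are matched first so "\\x41" is left alone.
_BAD_ESCAPE = re.compile(r'(\\\\)|\\x([0-9A-Fa-f]{2})|\\v')

def _repair(match):
    if match.group(1):                  # escaped backslash: keep as is
        return match.group(1)
    if match.group(2):                  # \xhh -> \u00hh (byte kept as a code point)
        return "\\u00" + match.group(2).lower()
    return "\\u000b"                    # \v -> vertical tab

def parse_access_line(line):
    """Return (event, repaired); event is None when the line cannot be parsed."""
    try:
        return json.loads(line), False
    except json.JSONDecodeError:
        pass
    try:
        return json.loads(_BAD_ESCAPE.sub(_repair, line)), True
    except json.JSONDecodeError:
        return None, False

def triage(lines):
    """Count clean, repaired and dropped lines; collect the repaired events."""
    stats = {"clean": 0, "repaired": 0, "dropped": 0}
    flagged = []
    for line in lines:
        event, repaired = parse_access_line(line)
        if event is None:
            stats["dropped"] += 1
        elif repaired:
            stats["repaired"] += 1
            flagged.append(event)       # unusual bytes in a header: worth a look
        else:
            stats["clean"] += 1
    return stats, flagged

# Constructed sample lines (subset of the fields defined in step 1).
SAMPLE = [
    r'{ "clientip": "10.0.0.5", "status": 200, "urlpath": "/index.php", "useragent": "Mozilla/5.0" }',
    r'{ "clientip": "10.0.0.9", "status": 404, "urlpath": "/a", "useragent": "x\xe4\xb8\xad\v\\x41 \"q\"" }',
    r'{ "clientip": "10.0.0.9", "status": 200, "urlpath": "/b", "useragent": "cut',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-zero "dropped" or "repaired" count is a signal to check whether the same lines are reaching the index intact.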

 

posted @ 2022-01-24 10:46  飞鹰之歌