filebeat整合docker

1、新建filebeat.yml的配置文件

用于指定Filebeat如何收集和传输日志数据。

filebeat.inputs:
- type: docker
  enabled: true
  containers.ids:
    - "*"
  #include_lines: ['OperationLogger(.*)']
  processors:
    - dissect:
        tokenizer: "%{timestamp}+%{timezone} %{log_level} --- [%{theardId}]%{class} : [%{title}][%{json}]"
        field: "message"
        target_prefix: "dissect"
    - decode_json_fields:
        fields: ["dissect.json"]
        process_array: false
        max_depth: 3
        target: "option"
        overwrite_keys: false
        add_error_key: true
    - add_fields:
        target: 'pc'
        fields:
          dockername: "${data.docker.container.name}"
          hostname: "${host.name}"
output.elasticsearch:
  hosts: ["192.168.2.216:9200"]
  indices:
    - index: "option-logger"
      when.contains:
        dissect.title: "OperationLogger"

 

2、 创建Docker Compose文件

version: "3"
services:
  filebeat:
    image: docker.elastic.co/beats/filebeat:7.14.0
    user: root
    volumes:
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/containers:/var/lib/docker/containers
    command: filebeat -e
    restart: always

 

3、启动容器

docker-compose up -d

 

4、查看日志