filebeat整合docker
1、新建filebeat.yml的配置文件
用于指定Filebeat如何收集和传输日志数据。
# filebeat.yml: read Docker container logs, parse the OperationLogger lines,
# and ship them to Elasticsearch.
# NOTE(review): the listing on the page lost its indentation. Processors are placed at
# top level here; with a single input that is equivalent to input-level processors.
filebeat.inputs:
  - type: docker
    enabled: true
    # "*" collects the logs of every container on the host, Filebeat's own included.
    # Narrow this to the containers you actually need if other workloads may log
    # sensitive data.
    containers.ids:
      - "*"
    #include_lines: ['OperationLogger(.*)']

processors:
  # Split the raw line into dissect.* fields. The key names (including "theardId")
  # become field names in the event, so they are kept exactly as written.
  - dissect:
      tokenizer: "%{timestamp}+%{timezone} %{log_level} --- [%{theardId}]%{class} : [%{title}][%{json}]"
      field: "message"
      target_prefix: "dissect"
  # Decode the application-supplied JSON payload. It lands under "option", and
  # overwrite_keys is false, so log content cannot replace existing event fields.
  # max_depth bounds how deep the decoder descends.
  - decode_json_fields:
      fields:
        - "dissect.json"
      process_array: false
      max_depth: 3
      target: "option"
      overwrite_keys: false
      add_error_key: true
  # NOTE(review): ${data.docker.container.name} is the variable form used in
  # autodiscover templates. In a static config, ${...} is resolved when the file is
  # loaded, so confirm both values resolve as intended. The add_docker_metadata
  # processor is the usual way to attach the container name.
  - add_fields:
      target: "pc"
      fields:
        dockername: "${data.docker.container.name}"
        hostname: "${host.name}"

output.elasticsearch:
  # No scheme and no credentials are configured, so Filebeat uses plain HTTP and
  # sends unauthenticated requests. Operation logs therefore cross the network in
  # clear text. Outside an isolated lab network, enable TLS and authentication on the
  # cluster and set protocol: "https", username/password (or api_key) and
  # ssl.certificate_authorities here. Take the secrets from the Filebeat keystore or
  # the environment rather than writing them into this file.
  hosts:
    - "192.168.2.216:9200"
  indices:
    # Only events whose parsed title contains "OperationLogger" go to this index.
    - index: "option-logger"
      when.contains:
        dissect.title: "OperationLogger"
2、 创建Docker Compose文件
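# docker-compose.yml: run Filebeat as a container that tails the host's Docker logs.
version: "3"
services:
  filebeat:
    image: docker.elastic.co/beats/filebeat:7.14.0
    # Runs as root inside the container. The Docker log directory on the host is
    # normally readable by root only.
    user: root
    volumes:
      # All three mounts are read-only: Filebeat only reads its config and the log
      # files, so the container gets no write access to host paths.
      # Filebeat refuses a config file that group/others can write to, so keep the
      # host copy of filebeat.yml at `chmod go-w`.
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      # Access to the Docker socket is equivalent to root on the host. `:ro` protects
      # only the socket file, not the API behind it.
      # NOTE(review): the filebeat.yml on this page uses neither add_docker_metadata
      # nor autodiscover, so this mount may be unnecessary. Verify, and drop it if
      # nothing needs the Docker API.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
    # -e logs to stderr, so Filebeat's own output shows up in `docker logs`.
    command: filebeat -e
    restart: always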
3、启动容器
# Run from the directory that holds docker-compose.yml and filebeat.yml, because the
# compose file mounts ./filebeat.yml by relative path. --detach starts the service in
# the background.
docker-compose up --detach
4、查看日志