请问新的filebeat 6.1怎么实现日志分类?像下面的配置,使logstash 按分类日志处理,产生不同的index.?
###################filebeat config##############
filebeat.prospectors:
- input_type: log
paths: - /usr/local/nginx/logs/zixun.oupeng.com.access.log
document_type: zixun-nginx-access
- input_type: log
paths: - /usr/local/nginx/logs/water.oupeng.com.access.log
document_type: water-nginx-access
##########logstash config####################
input {
beats {
port => 5044
codec => "json"
}
}
output {
if [type] == "zixun-nginx-access" {
elasticsearch {
hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
index => "zixun-nginx-access-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
template_overwrite => true
}}
if [type] == "water-nginx-access" {
elasticsearch {
hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
index => "water-nginx-access-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
template_overwrite => true
}}
###################filebeat config##############
filebeat.prospectors:
- input_type: log
paths: - /usr/local/nginx/logs/zixun.oupeng.com.access.log
document_type: zixun-nginx-access
- input_type: log
paths: - /usr/local/nginx/logs/water.oupeng.com.access.log
document_type: water-nginx-access
##########logstash config####################
input {
beats {
port => 5044
codec => "json"
}
}
output {
if [type] == "zixun-nginx-access" {
elasticsearch {
hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
index => "zixun-nginx-access-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
template_overwrite => true
}}
if [type] == "water-nginx-access" {
elasticsearch {
hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
index => "water-nginx-access-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
template_overwrite => true
}}
0 个回复