我正在尝试在k8s集群上配置filebeat代理,以将所有日志从两个不同的路径发送到弹性:
1./var/logs/containers/.log
1./var/logs/agents/.log
我尝试编写配置文件,但日志只能从/var/logs/containers/*.log传递
这是完整的配置文件:
filebeat.autodiscover:
providers:
- type: kubernetes
hints.enabled: true
hints.default_config:
enabled: false
type: container
paths:
- /var/log/containers/*.log # CRI path
- /var/log/agents/*.log
output.elasticsearch:
protocol: http
hosts: ["elasticsearch:9200"]
compression_level: 1
indices:
- index: "agent-logs"
when:
contains:
log.file.path: "agents"
- index: "container-logs"
when:
contains:
log.file.path: "containers"字符串
我也尝试了这个配置,但是当我运行这个配置时,我只得到代理日志:
filebeat.autodiscover:
providers:
- type: kubernetes
hints.enabled: true
hints.default_config:
enabled: false
type: container
paths:
- /var/log/containers/*.log
filebeat.inputs:
- type: filestream
id: agent-filestream
paths:
- "/var/log/agents/*.log"
output.elasticsearch:
protocol: http
hosts: ["elasticsearch:9200"]
compression_level: 1
indices:
- index: "container-logs"
when:
contains:
log.file.path: "containers"
- index: "agent-logs"
when:
contains:
log.file.path: "agents"型
请帮帮忙!谢谢!
1条答案
按热度按时间pxiryf3j1#
我最终设法解决了它,这是正确的配置文件:
字符串