elasticsearch Filebeat|如何为不同的日志路径定义唯一的索引？

ycggw6v2 于 5个月前发布在 ElasticSearch

关注(0)|答案(2)|浏览(61)

我从两个不同的路径收集日志：

/var/log/containers/*.log
/var/log/agents/*.log

我希望每个路径的文件都将被发送到elasticsearch中的不同索引。我尝试定义filebeat配置如下：

output.elasticsearch:
    protocol: http
    hosts: ["elasticsearch:9200"]
    compression_level: 1
    indices:
    - index: "agent-logs"
      when:
       contains:
        log.file.path: "/var/log/agents/*.log"
    - index: "container-logs"
      when:
       contains:
        log.file.path: "/var/log/containers/*.log"

字符串
我也试过：

output.elasticsearch:
    protocol: http
    hosts: ["elasticsearch:9200"]
    compression_level: 1
    indices:
    - index: "agent-logs"
      when.contains:
        log.file.path: "/var/log/agents/*.log"
    - index: "container-logs"
      when.contains:
        log.file.path: "/var/log/containers/*.log"

型
以及：

output.elasticsearch:
    protocol: http
    hosts: ["elasticsearch:9200"]
    compression_level: 1
    indices:
    - index: "agent-logs"
      when.equals:
        log.file.path: "/var/log/agents/*.log"
    - index: "container-logs"
      when.equals:
        log.file.path: "/var/log/containers/*.log"

型
但好像什么都不管用。请帮帮忙！
谢谢你

elasticsearch

来源：https://stackoverflow.com/questions/77580434/filebeat-how-to-define-a-unique-index-for-different-log-paths

2条答案

按热度按时间

vfwfrxfs1#

TLDR;

equals和contains不支持glob模式。您可能需要查看regexp？或其他不同的值。

解决方案

这可能会更好地工作：

output.elasticsearch:
    protocol: http
    hosts: ["elasticsearch:9200"]
    compression_level: 1
    indices:
    - index: "agent-logs"
      when:
       contains:
        log.file.path: "agents"
    - index: "container-logs"
      when:
       contains:
        log.file.path: "containers"

字符串

赞(0）回复(0）举报 5个月前

edqdpe6u2#

非常感谢你的回答！但是我还有一个问题..
这是完整的配置文件：

filebeat.autodiscover:
     providers:
      - type: kubernetes
        hints.enabled: true
        hints.default_config:
          enabled: false
          type: container
          paths:
            - /var/log/containers/*.log  # CRI path
            - /var/log/agents/*.log

  output.elasticsearch:
    protocol: http
    hosts: ["elasticsearch:9200"]
    compression_level: 1
    indices:
    - index: "agent-logs"
      when:
       contains:
        log.file.path: "agents"
    - index: "container-logs"
      when:
       contains:
        log.file.path: "containers"

字符串
我也尝试了这个配置，但是当我运行这个配置时，我只得到代理日志：

filebeat.autodiscover:
    providers:
      - type: kubernetes
        hints.enabled: true
        hints.default_config:
          enabled: false
          type: container
          paths:
            - /var/log/containers/*.log
  filebeat.inputs:
   - type: filestream
     id: agent-filestream
     paths:
      - "/var/log/agents/*.log"

  output.elasticsearch:
    protocol: http
    hosts: ["elasticsearch:9200"]
    compression_level: 1
    indices:
    - index: "container-logs"
      when:
       contains:
        log.file.path: "containers"
    - index: "agent-logs"
      when:
       contains:
        log.file.path: "agents"

型
你觉得怎么样？

赞(0）回复(0）举报 5个月前

我来回答

elasticsearch Filebeat|如何为不同的日志路径定义唯一的索引？

2条答案

TLDR;

解决方案

相关问题

热门标签

最新问答