• FileBeat 实战

    序言

    实际处理过程中的一些应用配置cuiyaonan2000@163.com

    参考信息:

    1. Change the output codec | Filebeat Reference [7.17] | Elastic

    原始FileBeat的输入结构

    1. {
    2. 	"@timestamp": "2022-08-16T06:48:44.846Z",
    3. 	"@metadata": {
    4. 		"beat": "filebeat",
    5. 		"type": "_doc",
    6. 		"version": "7.14.0"
    7. 	},
    8. 	"message": "2022-08-10 17:37:27.449 [] INFO  c.netflix.discovery.DiscoveryClient [929] - Completed shut down of DiscoveryClient",
    9. 	"input": {
    10. 		"type": "log"
    11. 	},
    12. 	"ecs": {
    13. 		"version": "1.10.0"
    14. 	},
    15. 	"host": {
    16. 		"ip": [
    17. 			"192.168.137.100",
    18. 			"fe80::91ba:8fe:7b85:759b",
    19. 			"172.17.0.1",
    20. 			"fe80::42:d8ff:fecd:466a",
    21. 			"fe80::cce1:cdff:fe00:20fe",
    22. 			"fe80::455:a9ff:fe61:152d"
    23. 		],
    24. 		"mac": [
    25. 			"00:0c:29:6a:28:0a",
    26. 			"02:42:d8:cd:46:6a",
    27. 			"ce:e1:cd:00:20:fe",
    28. 			"06:55:a9:61:15:2d"
    29. 		],
    30. 		"hostname": "localhost.localdomain",
    31. 		"name": "localhost.localdomain",
    32. 		"architecture": "x86_64",
    33. 		"os": {
    34. 			"platform": "centos",
    35. 			"version": "7 (Core)",
    36. 			"family": "redhat",
    37. 			"name": "CentOS Linux",
    38. 			"kernel": "3.10.0-1127.el7.x86_64",
    39. 			"codename": "Core",
    40. 			"type": "linux"
    41. 		},
    42. 		"id": "6aa46651a03248cdb16aedf495777b4a",
    43. 		"containerized": false
    44. 	},
    45. 	"agent": {
    46. 		"name": "localhost.localdomain",
    47. 		"type": "filebeat",
    48. 		"version": "7.14.0",
    49. 		"hostname": "localhost.localdomain",
    50. 		"ephemeral_id": "dd03f7db-d1c7-4e94-a611-06660c119476",
    51. 		"id": "8dc54ac8-aa86-4166-9aed-eb3ccaafaaf7"
    52. 	},
    53. 	"log": {
    54. 		"offset": 458376,
    55. 		"file": {
    56. 			"path": "/soft/cuiyaonan-logs/3.log"
    57. 		}
    58. 	}
    59. }

    控制output格式内容

    1. output.console:
    2.   codec.format:
    3.     string: '%{[@timestamp]} %{[message]}'
    4.  
    5.  
    6.  
    7. #注释掉这些增强型的信息
    8. processors:
    9. #  - add_host_metadata:
    10. #      when.not.contains.tags: forwarded
    11. #  - add_cloud_metadata: ~
    12. #  - add_docker_metadata: ~
    13. #  - add_kubernetes_metadata: ~
    14.  - drop_fields:
    15.       fields: ["host", "log","agent","ecs","input"]

    合并多行

    修改input的如下选择:

    • multiline.pattern: 指定正则表达式匹配
    • multiline.negate: 匹配模式选择
    • multiline.match: 向前合并or向后合并
    • multiline.flush_pattern: 指定正则表达式,如果匹配则从内存中刷新当前行。
    • multiline.max_lines:最大合并行数,如果超过,超过部分将丢弃,默认500。
    • multiline.timeout: 合并行超时时间,默认5秒。这个会导致日志最后一行的延迟。
    multiline.negatemultiline.match效果
    falseafter如果匹配,被追加前一行的后面
    falsebefore如果匹配,被追加下一行的前面
    trueafter如果不匹配,被追加前一行的后面
    truebefore如果不匹配,被追加下一行的前面

  • 相关阅读:
    加载数据列为空值时 format 取值为 3 和 5 的处理不同
    Docker镜像文件介绍启动tomcat
    轻量级神经网络算法-SqueezeNet
    第3关:Client连接及状态
    【C++】string类
    汽车tbox车联网系统终端
    js绘制的漂亮玫瑰曲线rose curve
    Anaconda和Python的区别
    八股文第十六天
    阿里云linux服务器:能ping通但是无法访问tomcat
  • 原文地址:https://blog.csdn.net/cuiyaonan2000/article/details/126366257