filebeat按docker容器名创建不同的索引
直接看配置:
processors:
- add_cloud_metadata: ~
- add_docker_metadata: ~
- drop_event:
when.or:
- equals:
container.name: "filebeat"
- equals:
container.name: "kibana"
- equals:
container.name: "es"
- equals:
container.name: "redis"
- equals:
container.name: "elastalert"
- equals:
container.name: "mysql"
- equals:
container.name: "traefik"
# - add_fields:
# target: ''
# fields:
# ip: '${serverIP}'
filebeat.inputs:
- type: docker
combine_partial: true
containers:
path: "/var/lib/docker/containers"
ids: "*"
multiline.pattern: '^\d{4}-\d{2}-\d{2}'
multiline.negate: true
multiline.match: after
# - type: log
# enable: true
# paths:
# - /var/log/yum.log
# - type: container
# combine_partial: true
# paths:
# - '/var/lib/docker/containers/*/*.log'
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.elasticsearch:
hosts: 'es:9200'
username: "elastic"
password: "密码"
#这里为输出新增代码
indices:
- index: "docker-%{[container.name]}-%{+yyyy.MM}"
setup.kibana:
host: "kibana:5601"
#主要是这个配置(filebeat版本7+)
setup.template.name: "docker"
setup.template.pattern: "docker-*"
setup.template.enabled: true
setup.template.overwrite: true
setup.ilm.enabled: false
============ 欢迎各位老板打赏~ ===========
与本文相关的文章
- · Amazon Linux 2023 安装Docker和Docker Compose
- · 修改Docker的默认网段
- · docker定时任务Mysql脚本
- · 解决Linux实例磁盘空间满问题
- · failed to fetch metadata: fork/exec /home/appuser/.docker/cli-plugins/docker-buildx: exec format error
- · Docker登录login报错Error saving credentials
- · docker安装mysql8注意事项
- · 黑群晖docker无法pull镜像,x509错误解决方法
- · k3s+kuboard快速搭建K8s生产环境集群
- · ELK/EFK中ES使用IK分词器的方式步骤
- · 解决es报错:blocked by: [FORBIDDEN/12/index read-only / allow delete (api) ]
- · traefik负载均衡/滚动升级
