filebeat按docker容器名创建不同的索引
直接看配置:
processors:
- add_cloud_metadata: ~
- add_docker_metadata: ~
- drop_event:
when.or:
- equals:
container.name: "filebeat"
- equals:
container.name: "kibana"
- equals:
container.name: "es"
- equals:
container.name: "redis"
- equals:
container.name: "elastalert"
- equals:
container.name: "mysql"
- equals:
container.name: "traefik"
# - add_fields:
# target: ''
# fields:
# ip: '${serverIP}'
filebeat.inputs:
- type: docker
combine_partial: true
containers:
path: "/var/lib/docker/containers"
ids: "*"
multiline.pattern: '^\d{4}-\d{2}-\d{2}'
multiline.negate: true
multiline.match: after
# - type: log
# enable: true
# paths:
# - /var/log/yum.log
# - type: container
# combine_partial: true
# paths:
# - '/var/lib/docker/containers/*/*.log'
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.elasticsearch:
hosts: 'es:9200'
username: "elastic"
password: "密码"
#这里为输出新增代码
indices:
- index: "docker-%{[container.name]}-%{+yyyy.MM}"
setup.kibana:
host: "kibana:5601"
#主要是这个配置(filebeat版本7+)
setup.template.name: "docker"
setup.template.pattern: "docker-*"
setup.template.enabled: true
setup.template.overwrite: true
setup.ilm.enabled: false
============ 欢迎各位老板打赏~ ===========
与本文相关的文章
- · docker insepct logtail
- · confluence 6.13升级到confluence 7.19
- · Docker 快速部署 FastAPI 项目
- · docker安装 Confluence9
- · 单台服务器应用不中断服务热部署滚动更新方案
- · docker安装code-server
- · Docker 镜像加速列表(20250216已更新)
- · 解决docker push 到私有registry时,报unknown blob错
- · Filebeat + ZincSearch 轻量级日志
- · Amazon Linux 2023 安装Docker和Docker Compose
- · 修改Docker的默认网段
- · docker定时任务Mysql脚本
