filebeat按docker容器名创建不同的索引
直接看配置:
processors:
- add_cloud_metadata: ~
- add_docker_metadata: ~
- drop_event:
when.or:
- equals:
container.name: "filebeat"
- equals:
container.name: "kibana"
- equals:
container.name: "es"
- equals:
container.name: "redis"
- equals:
container.name: "elastalert"
- equals:
container.name: "mysql"
- equals:
container.name: "traefik"
# - add_fields:
# target: ''
# fields:
# ip: '${serverIP}'
filebeat.inputs:
- type: docker
combine_partial: true
containers:
path: "/var/lib/docker/containers"
ids: "*"
multiline.pattern: '^\d{4}-\d{2}-\d{2}'
multiline.negate: true
multiline.match: after
# - type: log
# enable: true
# paths:
# - /var/log/yum.log
# - type: container
# combine_partial: true
# paths:
# - '/var/lib/docker/containers/*/*.log'
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.elasticsearch:
hosts: 'es:9200'
username: "elastic"
password: "密码"
#这里为输出新增代码
indices:
- index: "docker-%{[container.name]}-%{+yyyy.MM}"
setup.kibana:
host: "kibana:5601"
#主要是这个配置(filebeat版本7+)
setup.template.name: "docker"
setup.template.pattern: "docker-*"
setup.template.enabled: true
setup.template.overwrite: true
setup.ilm.enabled: false
============ 欢迎各位老板打赏~ ===========
与本文相关的文章
- · k3s+kuboard快速搭建K8s生产环境集群
- · ELK/EFK中ES使用IK分词器的方式步骤
- · 解决es报错:blocked by: [FORBIDDEN/12/index read-only / allow delete (api) ]
- · traefik负载均衡/滚动升级
- · 定时备份docker中的mysql
- · 使用traefik做为docker网关(负载均衡/滚动更新)
- · 部署docker+k3s+rancher2
- · linux使用docker-compose安装和破解confluence 8.0.2
- · es+filebeat+elastalert2实现异常邮件提醒
- · linux快速搭建轻量级efk日志系统
- · docker安装neo4j
- · jenkinsfile
