两个tomcat日志输入源,输入配置
vim /etc/filebeat/filebeat.yml
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /root/apache-tomcat-8.5.16/logs/*.txt
tags: ["tomcat1"]
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /root/apache-tomcat-7.0.92/logs/*.txt
tags: ["tomcat2"]
输出配置
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["192.168.81.129:9200"]
indices:
- index: "tomcat1-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
tags: "tomcat1"
- index: "tomcat2-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
tags: "tomcat2"
效果
