filebeat--logstash同步日志文件

版权声明：本文为博主原创文章，未经博主允许不得转载。 https://blog.csdn.net/sinat_34233802/article/details/68942465

#filebeat
#配置
- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/**.log

    - /var/log/**/**.log                    #filebeat不支持自动匹配目录及子目录
    ignore_older: 1m      #忽略以前文件
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5046"]
#启动
./filebeat -e -c filebeat.yml 
#data目录下回记录日志文件的offset

#logstash
#配置
input {
  beats {
    port =>5046
  }
}

filter {
  mutate {
    gsub => [
       "source" , "^(\/[^\/^]+){2}/","" ]       #数字2可设置为想过滤的文件夹层级，正则替换
  }
}
output {
  file {
    path => "/tmp/file-to-log/%{source}"
    codec => line {
            format => "%{message}"           #以原始内容保存，去掉传输过程中的增加字段       
        }
  }
}

#启动
./logstash -f test-filebeat.conf