ELK配置记录

1.  filebeat.yml配置

启动命令： ./filebeat -e -c filebeat.yml

# 输入
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /soft/log/base.*
  #跨行日志正则，从有时间的开始，到下一个时间之前结束
  multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
# 日志标签
  tags: ["user-log"]
setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 0
# 输出到logstash
output.logstash:
 # logstash地址
  hosts: ["127.0.0.1:5044"]
# 默认配置
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

2. logstash-sample.conf 配置

启动命令：./bin/logstash -f config/logstash-sample.conf 

input {
  beats {
    port => 5044
  }
}
 
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "test-log-%{+YYYY-MM-dd}"
  }
}

kibana日志结果：