Filebeat7.2.1环境搭建

例子

1】filebeat-->elasticsearch

filebeat.inputs:
- type: log
  paths:
    - /app/logs/access.log
    - /app/logs/error.log

  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after
  
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1

output.elasticsearch:
  hosts: ["http://192.168.1.1:9200"]
  index: "test-log-%{+yyyy.MM.dd}"

setup.template.name: "test-log"
setup.template.pattern: "test-log-*"
setup.ilm.enabled: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

test-log：自定义索引名

非字符 [ 开头的行，合并到上一行
  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after
非 2015-08-24 格式开头的行，合并到上一行。
  multiline.pattern: '^\[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after