88 lines
2.8 KiB
YAML
88 lines
2.8 KiB
YAML
filebeat.config.inputs:
|
|
enabled: true
|
|
path: ${path.config}/filebeat_quick.yml
|
|
reload.enabled: true
|
|
reload.period: 10s
|
|
|
|
filebeat.inputs:
|
|
- type: log
|
|
paths: {{ logs[log_type]['paths'] }}
|
|
harvester_buffer_size: 40960
|
|
ignore_older: {{ filebeat_older }}
|
|
tail_files: {{ filebeat_tail_files | string | lower }}
|
|
|
|
max_procs: {{ filebeat_max_procs }}
|
|
|
|
filebeat.config.modules:
|
|
path: ${path.config}/modules.d/*.yml
|
|
reload.enabled: false
|
|
|
|
# ======================= Elasticsearch template setting =======================
|
|
setup.ilm.enabled: false
|
|
setup.template.name: "logs[log_type]['template_name']"
|
|
setup.template.pattern: "logs[log_type]['template_pattern']"
|
|
|
|
setup.template.settings:
|
|
index.number_of_shards: 3
|
|
|
|
{% if 'kibana' in logs[log_type] -%}
|
|
setup.kibana:
|
|
host: "{{ logs[log_type]['kibana']['kibana_url'] }}"
|
|
space.id: "{{ logs[log_type]['kibana']['kibana_space'] }}"
|
|
{% endif -%}
|
|
|
|
# ---------------------------- Elasticsearch Output ----------------------------
|
|
{% if 'output' not in logs[log_type] or logs[log_type]['output'] == 'elastic' %}
|
|
output.elasticsearch:
|
|
hosts: {{ logs[log_type]['es_hosts'] }}
|
|
{% if 'sublog' in logs[log_type] -%}
|
|
index: "{{ logs[log_type]['index_prefix'] }}-{{ instance_name }}-{{ logs[log_type]['sublog'] }}-%{+yyyy.MM.dd}"
|
|
{% else -%}
|
|
index: "{{ logs[log_type]['index_prefix'] }}-{{ instance_name }}-%{[sublog]}-%{+yyyy.MM.dd}"
|
|
{% endif -%}
|
|
{% if 'pipeline' in logs[log_type] -%}
|
|
pipeline: "logs[log_type]['pipeline']"
|
|
{% endif -%}
|
|
username: {{ logs[log_type]['es_user'] }}
|
|
password: {{ logs[log_type]['es_passwd'] }}
|
|
|
|
bulk_max_size: 1500
|
|
flush_interval: 5s
|
|
compression_level: {{ filebeat_compression_level }}
|
|
worker: {{ filebeat_output_works }}
|
|
{% endif -%}
|
|
|
|
{% if 'output' in logs[log_type] and logs[log_type]['output'] == 'debug' -%}
|
|
output.console:
|
|
pretty: true
|
|
{% endif -%}
|
|
|
|
# ================================= Processors =================================
|
|
processors:
|
|
- add_host_metadata:
|
|
when.not.contains.tags: forwarded
|
|
- add_cloud_metadata: ~
|
|
- add_docker_metadata: ~
|
|
- add_kubernetes_metadata: ~
|
|
{% if 'dissect_tokenizers' in logs[log_type] -%}
|
|
{% for tokenizer in logs[log_type]['dissect_tokenizers'] -%}
|
|
- dissect:
|
|
tokenizer: "{{ tokenizer['tokenizer'] }}"
|
|
field: {{ tokenizer['field_name'] }}
|
|
target_prefix: ""
|
|
{% endfor -%}
|
|
{% endif -%}
|
|
{% if 'convert_timestamp' in logs[log_type] -%}
|
|
- timestamp:
|
|
field: {{ logs[log_type]['convert_timestamp']['field_name'] }}
|
|
layouts: {{ logs[log_type]['convert_timestamp']['layouts'] }}
|
|
timezone: "Asia/Shanghai"
|
|
{% endif -%}
|
|
{% if 'scripts' in logs[log_type] -%}
|
|
{% for script in logs[log_type]['scripts'] -%}
|
|
- script:
|
|
lang: javascript
|
|
id: {{ script['id'] }}
|
|
file: {{ script['file'] }}
|
|
{% endfor %}
|
|
{%- endif -%} |