Filebeat官方文档地址

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html

下载和安装

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.1-linux-x86_64.tar.gz

tar xzvf filebeat-7.3.1-linux-x86_64.tar.gz

编写filebeat.yml

启动

chmod go-w /home/lintong/software/apache/filebeat-7.3.1-linux-x86_64/filebeat.yml

./filebeat -e -c filebeat.yml

codec.format

codec.format:

    string: '%{[@timestamp]} %{[message]}'

输出

2019-09-13T17:06:51.797Z 123123123123

codec.json

codec.json:

    pretty: true

    escape_html: false

输出

{

  "@timestamp": "2019-09-13T09:08:49.590Z",

  "@metadata": {

    "beat": "filebeat",

    "type": "_doc",

    "version": "7.3.1",

    "topic": "thrift_json_source"

  },

  "host": {

    "name": "lintong-B250M-DS3H"

  },

  "agent": {

    "version": "7.3.1",

    "type": "filebeat",

    "ephemeral_id": "60b93a10-dcce-499b-ae81-0755bfc8bf5c",

    "hostname": "lintong-B250M-DS3H",

    "id": "6ebb0912-ffce-4ddd-9cc8-7bf624e62c78"

  },

  "ecs": {

    "version": "1.0.1"

  },

  "message": "123123123123",

  "log": {

    "file": {

      "path": "/home/lintong/下载/test.log"

    },

    "offset": 0

  },

  "input": {

    "type": "log"

  }

}

如果pretty是false将输出

{"@timestamp":"2019-09-13T09:10:50.164Z","@metadata":{"beat":"filebeat","type":"_doc","version":"7.3.1","topic":"thrift_json_source"},"log":{"file":{"path":"/home/lintong/下载/test.log"},"offset":0},"message":"123123123123","input":{"type":"log"},"ecs":{"version":"1.0.1"},"host":{"name":"lintong-B250M-DS3H"},"agent":{"type":"filebeat","ephemeral_id":"b26075f9-37f8-4d95-9341-fccc4504c1b5","hostname":"lintong-B250M-DS3H","id":"6ebb0912-ffce-4ddd-9cc8-7bf624e62c78","version":"7.3.1"}}

如果需要添加字段

  paths:

    - /home/lintong/下载/test.log

  fields:

    add_field: lintong

输出

{

"@timestamp": "2019-09-16T08:16:06.169Z",

"@metadata": {

"beat": "filebeat",

"type": "_doc",

"version": "7.3.1",

"topic": "thrift_json_source"

},

"host": {

"name": "lintong-B250M-DS3H"

},

"log": {

"offset": 31,

"file": {

"path": "/home/lintong/下载/test.log"

}

},

"message": "33333333",

"input": {

"type": "log"

},

"fields": {

"add_field": "lintong"

},

"agent": {

"type": "filebeat",

"ephemeral_id": "c16102da-421d-4ff3-90ad-1737451a909d",

"hostname": "lintong-B250M-DS3H",

"id": "6ebb0912-ffce-4ddd-9cc8-7bf624e62c78",

"version": "7.3.1"

},

"ecs": {

"version": "1.0.1"

}

}

在codec.format中添加字段

  codec.format:

     string: '%{[@timestamp]} %{[fields.add_field]} %{[message]}'

输出

2019-09-16T16:18:34.048Z lintong 55555555

如果想添加的字段在json的顶层,就是不在fields字段下层

  paths:

    - /home/lintong/下载/test.log

  fields:

    add_field: lintong

  fields_under_root: true

输出

{

  "@timestamp": "2019-09-16T08:22:43.997Z",

  "@metadata": {

    "beat": "filebeat",

    "type": "_doc",

    "version": "7.3.1",

    "topic": "thrift_json_source"

  },

  "agent": {

    "ephemeral_id": "d8e45d90-6434-4e0d-a6fc-74611b87cbd4",

    "hostname": "lintong-B250M-DS3H",

    "id": "6ebb0912-ffce-4ddd-9cc8-7bf624e62c78",

    "version": "7.3.1",

    "type": "filebeat"

  },

  "log": {

    "offset": 58,

    "file": {

      "path": "/home/lintong/下载/test.log"

    }

  },

  "message": "66666666",

  "add_field": "lintong",

  "input": {

    "type": "log"

  },

  "ecs": {

    "version": "1.0.1"

  },

  "host": {

    "name": "lintong-B250M-DS3H"

  }

}

如果要去掉不要的字段

参考:

https://studygolang.com/articles/10935


https://www.elastic.co/guide/en/beats/filebeat/current/drop-fields.html

比如

processors:

- drop_fields:

     fields: ["host", "log", "input","ecs","agent"]

输出

{

  "@timestamp": "2019-09-16T08:55:55.934Z",

  "@metadata": {

    "beat": "filebeat",

    "type": "_doc",

    "version": "7.3.1",

    "topic": "thrift_json_source"

  },

  "message": "33333333",

  "add_field": "lintong"

}

其中@metadata和@timestamp不能在filebeat中去掉

Ubuntu16.04安装Filebeat的更多相关文章

  1. ubuntu16.04安装jdk,tomcat

    ubuntu16.04安装jdk,tomcat 最近装了一下tomcat,网上的教程很多,我也试了很多次,但是有一些教程关于tomcat配置是错误的,让我走上了歧途.差点重装系统,还好王总及时出手帮助 ...

  2. Ubuntu16.04 安装openjdk-7-jdk

    Ubuntu16.04 安装openjdk-7-jdk sudo apt-get install openjdk-7-jre 或者sudo apt-get install openjdk-7-jdk ...

  3. Ubuntu16.04安装GTK3主题:OSX-Arc

    Ubuntu16.04安装GTK3主题:OSX-Arc GTK3主题:OSX-Arc描述: 前几个月,Gnome3.20升3.22的时候,出现了大量主题崩溃的现象,其中包括Arc.Flatabulou ...

  4. Ubuntu16.04安装opencv for python/c++

    Ubuntu16.04安装opencv for python/c++ 网上关于opencv的安装已经有了不少资料,但是没有一篇资料能让我一次性安装成功,因此花费了大量时间去解决各种意外,希望这篇能给一 ...

  5. ubuntu16.04安装不上有道词典的解决办法

    转自:http://www.linuxdiyf.com/linux/21143.html ubuntu16.04安装不上有道词典,提示: le@hu-pc:~/下载$ sudo dpkg -i you ...

  6. Ubuntu16.04安装mongodb

    Ubuntu16.04安装mongodb copy from: http://blog.csdn.net/zhushh/article/details/52451441 1.导入软件源的公钥 sudo ...

  7. 【Tools】ubuntu16.04安装搜狗输入法

    Ubuntu16,04 安装搜狗输入法 1.下载搜狗输入法的安装包 下载地址为:http://pinyin.sogou.com/linux/ 2.按键Ctr+Alt+T打开终端,输入以下命令切换到下载 ...

  8. Ubuntu16.04安装cuda9.0+cudnn7.0

    Ubuntu16.04安装cuda9.0+cudnn7.0 这篇记录拖了好久,估计是去年6月份就已经安装过几遍,然后一方面因为俺比较懒,一方面后面没有经常在自己电脑上跑算法,比较少装cuda和cudn ...

  9. Ubuntu16.04安装TensorFlow及Mnist训练

    版权声明:本文为博主原创文章,欢迎转载,并请注明出处.联系方式:460356155@qq.com TensorFlow是Google开发的开源的深度学习框架,也是当前使用最广泛的深度学习框架. 一.安 ...

随机推荐

  1. Obloq模块:基于ESP8266的物联网模块

    OBLOQ 物联网模块 OBLOQ模块是DFRobot公司开发的一款基于ESP8266芯片的物联网通信模块.模块使用串口(TTL UART)和Arduino(或者其他单片机)通信,支持MQTT,HTT ...

  2. ElasticSearch6.3.2 集群做节点冷(warm) 热(hot) 分离

    拿一个小规模的5节点ES集群做冷热分离尝试,它上面已经有60多个索引,有些索引按月.每月生成一个索引,随着数据的不断写入,历史数据(只需保留三个月数据,三个月之前的数据视为历史数据)越来越占磁盘空间和 ...

  3. 彩虹表(rainbow table)

    前记 MD5的全称是Message-Digest Algorithm 5(信息-摘要算法): 特点是不可逆的,一般解密不了:那有没有想过,为什么各种工具网站都可以进行MD5解密呢?https://ww ...

  4. Codeforces Global Round 3

    Codeforces Global Round 3 A. Another One Bites The Dust 有若干个a,有若干个b,有若干个ab.你现在要把这些串拼成一个串,使得任意两个相邻的位置 ...

  5. How to call a stored procedure in EF Core 3.0 via FromSqlRaw(转载)

    问: I recently migrated from EF Core 2.2 to EF Core 3.0. Unfortunately, I haven't found a way to call ...

  6. IDEA 设置: Live Templates 方法注释 注释模板编写

    IDEA: Live Templates 方法注释 注释模板编写: 打开IDEA开发工具进入设置找到Editor: File>>Setting>>Editor>>L ...

  7. 结合 Vue.observable 写一个简易 Vuex

    作为 Vue 全家桶的一员,Vuex 的重要性不言而喻,不管是用来管理状态,还是封装 Controler 都很好用 不过在一些体量较小的项目中,为了几个简单的状态或者处理函数而引入 Vuex,就像是高 ...

  8. QML MouseArea学习小结

    QML中的MouseArea类型为用户进行简单的鼠标操作提供了方便. MouseArea是一个不可见的Item,通常与可见项目结合使用,以便为该项目提供鼠标处理.通过有效地充当代理,鼠标处理的逻辑可以 ...

  9. Oracle 11.2.0.4单实例打补丁

    Oracle 11.2.0.4单实例打PSU,OJVM PSU补丁快速参考 写在前面: ·         1.Oracel打每个补丁的操作有时存在差异,所以不管多熟悉,都应该在打任何补丁之前阅读新补 ...

  10. MYSQL入门操作和常规DML、DDL、DQL使用

    刷新权限,将某些权限从硬盘刷新到内存中(修改root密码自带隐式刷新权限操作) mysql> flush privileges; Query OK, 0 rows affected (0.00 ...