filebeat 收集docker集群
filebeat的配置文件
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
processors:
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_host_metadata: ~
filebeat.inputs:
- type: docker
combine_partial: false
containers:
path: “/var/lib/docker/containers”
json.keys_under_root: true
ids:
- “*”
fields:
logtopic: docker
setup.template.settings:
index.number_of_shards: 3
setup.kibana:
setup.template.name: “app”
setup.template.pattern: “app-*”
setup.template.overwrite: true
setup.template.enabled: false
setup.ilm.enabled: false
output.elasticsearch:
hosts: [“172.30.149.181:9200”,“172.30.149.182:9200”,“172.30.149.183:9200”]
indices:
- index: “test-sec-%{+yyyy.MM}”
when.equals:
fields:
logtopic: “syslog”
- index: “test-app-%{+yyyy.MM}”
when.equals:
fields:
logtopic: “docker”
或者是采用自动发现
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
filebeat.autodiscover:
providers:
- type: docker
hints.enabled: true
hints.default_config.enabled: false
exclude: [“filebeat”]
setup.template.settings:
index.number_of_shards: 3
setup.kibana:
setup.template.name: “bss-app”
setup.template.pattern: “bss-app*”
setup.template.overwrite: true
setup.template.enabled: false
setup.ilm.enabled: false
output.elasticsearch:
hosts: [“172.30.149.18:9200”]
index: “bss-app-%{+yyyy.MM}”
processors:
- add_host_metadata: ~
- add_docker_metadata: ~
- drop_event:
when:
equals:
docker.container.name: “filebeat”