我希望能够将许多Java日志文件从filebeat发送到ELK堆栈。我正在发布完整的filebeat.yml配置:
filebeat.prospectors:
- input_type: log
enabled: true
paths:
- c:\data\Logs_20180720\eis.log
fields: {log_type: eis}
- input_type: log
enabled: true
paths:
- c:\data\Logs_20180720\SA.log
fields: {log_type: sa}
multiline.match: after
multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Caused by:'
multiline.negate: false
multiline.match: after
output.file:
path: "c:/var"
filename: "filebeat.log"
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 0
但是我看到只有sa文件被写入文件,而不是eis文件。任何建议表示赞赏。