我已配置以下filebeat安装文件:
files:
"/etc/filebeat/filebeat.yml":
mode: "000755"
owner: root
group: root
content: |
filebeat.prospectors:
- input_type: log
paths:
- /var/log/eb-engine.log
- /var/log/puma/puma.log
- /var/app/current/log/sidekiq.log
- /var/app/current/log/staging.log
- /var/app/current/log/production.log
exclude_lines: ['^[[:space:]]*$']
multiline:
# Order for pattern: 'eb-engine, sidekiq and staging|puma'
pattern: '^\s*(([I,V,E,W,L], ){0,1}\[{0,1}2[0-9]{3}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}|=== |.*\[[a-z,0-9,\-]{36}\]( Started| Sending| $))'
negate: true
match: after
fields:
appname: mrp
appcomponent: mrp-api
environment: ${ELK_ENV:empty_value}
output.logstash:
hosts: ["3.224.192.38:5044"]
container_commands:
1_command:
command: "curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.8.2-x86_64.rpm"
cwd: /home/ec2-user
2_command:
command: "rpm -ivh --replacepkgs filebeat-6.8.2-x86_64.rpm"
cwd: /home/ec2-user
3_command:
command: "/etc/init.d/filebeat stop"
4_command:
command: "/etc/init.d/filebeat start"
我在kibana索引管理中看到了mrp索引,但我看到的是 empty_value
而不是中配置的值 ELK_ENV
,即 development
. 我在其他项目中安装并运行了相同的文件,并且工作正常,唯一的区别是它在amazonlinux2平台上运行。
暂无答案!
目前还没有任何答案,快来回答吧!