#filebeat.config:
#  modules:
#    path: ${path.config}/modules.d/*.yml
#    reload.enabled: false
# Kubernetes autodiscover: one provider, scoped by the NODE_NAME environment
# variable (expected from the pod spec; it is not defined in this file).
filebeat.autodiscover:
  providers:
    - type: kubernetes
      node: "${NODE_NAME}"
      # NOTE(review): with hints enabled, co.elastic.logs/* pod annotations
      # change how that pod's logs are collected and parsed. Anyone who can
      # set annotations on a workload can therefore alter or switch off its
      # log shipping. Restrict who may create or annotate pods, and alert on
      # containers that stop producing events.
      hints.enabled: true
      #templates:
      #  - config:
      #      - type: container
      #        paths:
      #          - /var/log/containers/*-${data.kubernetes.container.id}.log
      # kubernetes pod annotation example
      # annotations:
      #   co.elastic.logs.json-logging/json.keys_under_root: "true"
      #   co.elastic.logs.json-logging/json.add_error_key: "true"
      #   co.elastic.logs.json-logging/json.message_key: "message"
      # Input used for containers that carry no hints of their own.
      hints.default_config:
        type: container
        paths:
          - "/var/log/containers/*-${data.kubernetes.container.id}.log"
        # Files not modified within the last 24 hours are skipped.
        ignore_older: 24h
# Processors run in the order listed. The rename step feeds the
# container.name conditions used by every step after it.
processors:
  - add_cloud_metadata: null
  - add_locale:
      format: offset
  - add_kubernetes_metadata: null
  - add_host_metadata: null
  # Decode the JSON in `message` into message_json for the etcd, kilo and
  # cfssl-issuer containers; `message` itself is left in place.
  - decode_json_fields:
      when:
        or:
          - equals:
              kubernetes.container.name: etcd
          - equals:
              kubernetes.container.name: kilo
          - equals:
              kubernetes.container.name: cfssl-issuer
      fields:
        - 'message'
      target: 'message_json'
  # Move kubernetes.container.name to container.name. Events without the
  # source field are passed through (ignore_missing).
  - rename:
      fields:
        - from: 'kubernetes.container.name'
          to: 'container.name'
      ignore_missing: true
      fail_on_error: false
  # Split nginxfront access-log lines into nginx.* fields.
  # NOTE(review): every captured value originates from the request or from
  # nginx's own log line, so treat nginx.* as attacker-influenced input in
  # detections. http_x_forwarded_for and http_x_real_ip are client-supplied
  # unless the front proxy overwrites them. If req_header / resp_header hold
  # full header values, Authorization and Cookie contents become searchable
  # in Elasticsearch - redact at the source or drop those fields.
  - dissect:
      when:
        equals:
          container.name: nginxfront
      tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_real_ip} %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} "%{nginx.geoip_asn_name}" %{nginx.geoip_asn_number|integer} location:"%{nginx.geoip.lat|double}" "%{nginx.geoip.lon|double}" req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
      trim_values: all
      target_prefix: ''
      field: 'message'
  # Second tokenizer for the same container, writing php.* fields.
  # NOTE(review): both dissect steps run on every nginxfront event, so each
  # line is expected to fail one of them - confirm the resulting parse-error
  # flags are acceptable for alerting.
  - dissect:
      when:
        equals:
          container.name: nginxfront
      tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", host: "%{php.host}"'
      target_prefix: ''
      field: 'message'
  # Parse nginx.time with the Go reference layout and write the result back
  # to nginx.time; `test` is a sample that must parse when the config loads.
  - timestamp:
      when:
        equals:
          container.name: nginxfront
      field: nginx.time
      target_field: nginx.time
      layouts:
        - "02/Jan/2006:15:04:05 -0700"
      test:
        - "27/May/2022:21:41:02 +0000"
  # Discard events from the filebeat container itself (presumably to avoid
  # re-ingesting Filebeat's own output).
  - drop_event:
      when:
        equals:
          container.name: filebeat
# One-time setup: Kibana endpoint, index template and dashboards.
setup:
  kibana:
    host: "${KIBANA_HOSTS:kibana:5601}"
    ssl:
      # NOTE(review): certificate verification is switched off, so any
      # certificate presented for Kibana is accepted and the peer is not
      # authenticated. Prefer full verification against the cluster CA:
      #   verification_mode: full
      #   certificate_authorities: ["<PLACEHOLDER: path to CA certificate>"]
      verification_mode: none
  template:
    enabled: true
    name: 'filebeat-%{[agent.version]}'
    # NOTE(review): name uses agent.version while pattern uses beat.version.
    # Presumably both resolve to the Filebeat version - confirm on the
    # deployed release, since a pattern that does not match the index names
    # would leave new indices without this template.
    pattern: 'filebeat-%{[beat.version]}-*'
    settings:
      index.number_of_shards: 1
      # No replica copies: losing the node that holds a shard loses the logs
      # stored in it.
      index.number_of_replicas: 0
    # Extra mappings for the fields produced by the rename and dissect
    # processors.
    append_fields:
      - name: container.name
        type: keyword
      - name: kubernetes.container.name
        type: keyword
      - name: nginx.geoip
        type: geo_point

  # NOTE(review): read as setup.dashboards - confirm the nesting in the
  # deployed file.
  dashboards:
    enabled: false
# Ship events to Elasticsearch; hosts and credentials come from the
# environment, with the defaults given after the colon.
output.elasticsearch:
  hosts: "[${ELASTICSEARCH_HOSTS:elasticsearch:9200}]"
  # Both default to an empty string when the variable is unset.
  # NOTE(review): presumably that means unauthenticated requests - confirm
  # the cluster rejects them, and supply the values from a Kubernetes Secret
  # or the Filebeat keystore rather than a plain env entry in the manifest.
  username: "${ELASTICSEARCH_USERNAME:}"
  password: "${ELASTICSEARCH_PASSWORD:}"
  ssl:
    # NOTE(review): certificate verification is switched off, so the
    # username and password above are sent to whichever endpoint answers on
    # the configured host. Prefer full verification against the cluster CA:
    #   verification_mode: full
    #   certificate_authorities: ["<PLACEHOLDER: path to CA certificate>"]
    # The default host carries no scheme; confirm https is actually in
    # effect, otherwise this ssl block may not apply at all.
    verification_mode: none
  # The index name is built from the event's container.name, falling back to
  # "common" when the field is absent.
  # NOTE(review): with the dated variant commented out, each index grows
  # without a time boundary, and every new container name creates a new
  # index - confirm retention and shard limits are enforced elsewhere.
  indices:
    #- index: "filebeat-%{[agent.version]}-%{[container.name]:common}-%{+yyyy.MM.dd}"
    - index: 'filebeat-%{[agent.version]}-%{[container.name]:common}'
#logging.json: true
#logging.metrics.enabled: false