
How to tell log sources apart when Filebeat collects logs with its built-in modules

How to determine what produced a given log file

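After Filebeat's built-in modules are enabled, the logs are first written to Redis.
For example, suppose the system module and the redis module are both enabled.
When you inspect the collected logs in Redis, you see information like the following.
System log event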

    {
      "@timestamp": "2019-09-02T04:10:20.423Z",
      "@metadata": {
        "beat": "filebeat",
        "type": "_doc",
        "version": "7.3.0",
        "pipeline": "filebeat-7.3.0-system-syslog-pipeline"
      },
      "ecs": {
        "version": "1.0.1"
      },
      "host": {
        "os": {
          "name": "CentOS Linux",
          "kernel": "3.10.0-957.21.3.el7.x86_64",
          "codename": "Core",
          "platform": "centos",
          "version": "7 (Core)",
          "family": "redhat"
        },
        "id": "35a7a3c7af8f44188f7095d5291a188e",
        "containerized": false,
        "name": "bogon",
        "hostname": "bogon",
        "architecture": "x86_64"
      },
      "service": {
        "type": "system"
      },
      "input": {
        "type": "log"
      },
      "event": {
        "module": "system",
        "dataset": "system.syslog",
        "timezone": "+08:00"
      },
      "fileset": {
        "name": "syslog"
      },
      "agent": {
        "hostname": "bogon",
        "id": "a44c8bbc-723c-4982-84f8-bad50c80fac9",
        "version": "7.3.0",
        "type": "filebeat",
        "ephemeral_id": "50725221-8fe5-48be-af66-89e43fadf1c2"
      },
      "log": {
        "offset": 21029,
        "file": {
          "path": "/var/log/messages"
        }
      },
      "message": "Sep 2 12:10:10 bogon filebeat: 2019-09-02T12:10:10.357+0800#011INFO#011crawler/crawler.go:139#011Stopping Crawler"
    }

Redis log event

    {
      "@timestamp": "2019-09-02T05:33:45.984Z",
      "@metadata": {
        "beat": "filebeat",
        "type": "_doc",
        "version": "7.3.0",
        "pipeline": "filebeat-7.3.0-redis-log-pipeline"
      },
      "service": {
        "type": "redis"
      },
      "host": {
        "hostname": "bogon",
        "architecture": "x86_64",
        "os": {
          "codename": "Core",
          "platform": "centos",
          "version": "7 (Core)",
          "family": "redhat",
          "name": "CentOS Linux",
          "kernel": "3.10.0-957.21.3.el7.x86_64"
        },
        "id": "35a7a3c7af8f44188f7095d5291a188e",
        "containerized": false,
        "name": "bogon"
      },
      "agent": {
        "hostname": "bogon",
        "id": "a44c8bbc-723c-4982-84f8-bad50c80fac9",
        "version": "7.3.0",
        "type": "filebeat",
        "ephemeral_id": "50725221-8fe5-48be-af66-89e43fadf1c2"
      },
      "ecs": {
        "version": "1.0.1"
      },
      "event": {
        "dataset": "redis.log",
        "module": "redis"
      },
      "fileset": {
        "name": "log"
      },
      "input": {
        "type": "log"
      },
      "log": {
        "offset": 21001,
        "file": {
          "path": "/var/log/redis/redis_6379.log"
        }
      },
      "message": "1812:M 02 Sep 2019 13:33:45.068 * Background saving started by pid 2682"
    }

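As the figure below shows, there are two places in each event that can be used to determine its source.
Logstash can test how these two differ to identify the source, and then write the events to different indices in Elasticsearch.
[Figure: 794174-20190902145338174-793714446.png]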
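
A Logstash pipeline that does this routing, as an added example that is not from the original post. The figure is not available here, so the choice of `[event][module]` as the routing field is an assumption based on the two events above, and the Redis address, the list key, the Elasticsearch address and the index names are assumed as well. It also cross-checks the module against `[log][file][path]` from the sample events and sends anything inconsistent or unrecognised to separate indices.

```logstash
# Added example. Addresses, the Redis key and all index names are assumptions.
input {
  redis {
    host      => "127.0.0.1"   # assumed Redis address
    port      => 6379
    data_type => "list"
    key       => "filebeat"    # assumed: must match the key in Filebeat's output.redis
    codec     => "json"
  }
}

filter {
  # Cross-check the self-reported module against the file the line was read from.
  # Path prefixes are taken from the two sample events shown above.
  if [event][module] == "redis" and [log][file][path] !~ /^\/var\/log\/redis\// {
    mutate { add_tag => ["source_mismatch"] }
  } else if [event][module] == "system" and [log][file][path] !~ /^\/var\/log\// {
    mutate { add_tag => ["source_mismatch"] }
  }
}

output {
  if "source_mismatch" in [tags] {
    # Module and path disagree: keep these apart for review.
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "filebeat-mismatch-%{+YYYY.MM.dd}"
    }
  } else if [event][module] == "system" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "filebeat-system-%{+YYYY.MM.dd}"
    }
  } else if [event][module] == "redis" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "filebeat-redis-%{+YYYY.MM.dd}"
    }
  } else {
    # No recognised module: do not mix these into the per-source indices.
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "filebeat-unclassified-%{+YYYY.MM.dd}"
    }
  }
}
```

Both `event.module` and `log.file.path` are set by the shipper, so the cross-check catches misconfiguration rather than events written to the Redis list by something other than Filebeat; restrict who can push to that key.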

Reposted from: https://www.cnblogs.com/sanduzxcvbnm/p/11446554.html
