Created
February 23, 2017 14:56
################### Filebeat Configuration #########################
filebeat.prospectors:
# Prospector 1: server log that needs the extended multiline rule.
- input_type: log
  paths:
  - 'C:/logs/a/server.log'
  encoding: latin1
  # Static field added to every event. fields_under_root stores it at the top
  # level of the event instead of under a "fields" sub-dictionary.
  fields:
    filebeatversion: '5.2.1'
  fields_under_root: true
  # A file whose last modification is older than 24h is not read, so any
  # unshipped lines in it are skipped (for example after a long agent outage).
  ignore_older: '24h'
  # Multiline rule. A line opens a new event when it starts with
  # "$date $loglevel [module]". Because negate is true and match is "after",
  # every line that does NOT match the pattern is appended to the previous
  # event.
  # Exception: lines starting with "$date $loglevel [stderr] (thread)" whose
  # text begins with "at" or "." after one or two spaces/tabs are excluded from
  # the pattern and therefore also appended. Those lines come from unchecked
  # exceptions deep within Hibernate, which are logged one line per stack-trace
  # line.
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(,[0-9]{3})?[ \t]+(DEBUG|INFO|WARN|WARNING|ERROR)[ \t]+\[([^s]|s[^t]|st[^d]|std[^e]|stde[^r]|stder[^r]|stderr[^\]]|stderr\][ \t]+\([^\)]+\)[ \t][^a\. \t]|stderr\][ \t]+\([^\)]+\)[ \t]a[^t]|stderr\][ \t]+\([^\)]+\)[ \t][ \t][^a\.]|stderr\][ \t]+\([^\)]+\)[ \t][ \t]a[^t])'
  multiline.negate: true
  multiline.match: after
  # Lines beyond this count within one event are discarded, so a very long
  # stack trace arrives truncated at 1000 lines.
  multiline.max_lines: 1000
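# Prospector 2: access log with the normal Java multiline rule.
- input_type: log
  paths:
  - 'C:/logs/a/access.log'
  encoding: latin1
  # Static field added to every event, stored at the top level of the event.
  fields:
    filebeatversion: '5.2.1'
  fields_under_root: true
  # A file whose last modification is older than 24h is not read.
  ignore_older: '24h'
  # Multiline settings are dotted keys placed directly on the prospector, the
  # same form the first prospector uses. There is deliberately no separate
  # empty "multiline:" parent key: an empty key parses as null and would sit
  # next to (or wrongly nest) the dotted multiline.* settings.
  # A line starting with "$date " opens a new event; every other line is
  # appended to the previous event.
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(,[0-9]{3})?'
  multiline.negate: true
  multiline.match: after
  # Lines beyond this count within one event are discarded.
  multiline.max_lines: 1000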
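# Prospector 3: PHP logs with the normal PHP multiline rule.
- input_type: log
  paths:
  - 'C:/logs/b/php.log'
  - 'C:/logs/b/error.log'
  encoding: latin1
  # Excluding whitespace-only lines has no effect here: exclude_lines is
  # applied after multiline has joined the lines into one event, so the
  # pattern below would not match. Left disabled.
  # exclude_lines: ['^[ \t]+\r?$']
  # Static field added to every event, stored at the top level of the event.
  fields:
    filebeatversion: '5.2.1'
  fields_under_root: true
  # A file whose last modification is older than 24h is not read.
  ignore_older: '24h'
  # Multiline settings are dotted keys placed directly on the prospector, the
  # same form the first prospector uses. There is deliberately no separate
  # empty "multiline:" parent key: an empty key parses as null and would sit
  # next to (or wrongly nest) the dotted multiline.* settings.
  # A line starting with "[...(some digit)...]" opens a new event; every other
  # line is appended to the previous event.
  multiline.pattern: '^\[[^\]]+[0-9][^\]]+\]'
  multiline.negate: true
  multiline.match: after
  # Lines beyond this count within one event are discarded.
  multiline.max_lines: 1000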
# Prospector 4: single-line logs, no multiline joining.
- input_type: log
  paths:
  - 'C:/logs/b/access.log'
  # filebeat.log is this agent's own log (logging.files writes
  # C:/logs/filebeat.log), so agent errors are shipped centrally as well.
  # NOTE(review): each logged publishing error is itself read and shipped;
  # this stays small at logging.level "error" but grows if the level is raised.
  - 'C:/logs/filebeat.log'
  - 'C:/logs/newrelic_agent.log'
  encoding: latin1
  # Drop lines that consist only of spaces or tabs.
  exclude_lines:
  - '^[ \t]+\r?$'
  # Static field added to every event, stored at the top level of the event.
  fields:
    filebeatversion: '5.2.1'
  fields_under_root: true
  # A file whose last modification is older than 24h is not read.
  ignore_older: '24h'
# Registry file: Filebeat's record of how far each log file has been read.
# If it is lost or edited, lines can be shipped again or skipped, so write
# access should be limited to the account that runs the service.
filebeat.registry_file: 'C:/ProgramData/filebeat/registry'
# Ship events to Logstash over TLS.
output.logstash:
  hosts:
  - 'cicerologs.systematic.com:3515'
  - 'cicerologs.systematic.com:3516'
  # Distribute events across both endpoints instead of using only one.
  loadbalance: true
  # CA certificate used to verify the Logstash server certificate.
  # NOTE(review): ssl.verification_mode is not set here, so the Filebeat
  # default applies; confirm it stays at full verification.
  ssl.certificate_authorities:
  - 'C:/Tools/filebeat/a.crt'
  # Client certificate and private key presented to Logstash for TLS client
  # authentication. The key file should be readable only by the account that
  # runs the Filebeat service.
  ssl.certificate: 'C:/Tools/filebeat/b.crt'
  ssl.key: 'C:/Tools/filebeat/c.key'
# Filebeat's own logging: only errors, written to rotating files.
# At this level warnings and informational messages are not recorded.
logging.level: 'error'
logging.to_files: true
logging.files:
  # Written to C:/logs/filebeat.log, which the last prospector also ships.
  path: 'C:/logs/'
  name: 'filebeat.log'
  # Rotate once a file reaches 10485760 bytes (10 MiB); keep 10 rotated files.
  rotateeverybytes: 10485760
  keepfiles: 10