Windows2012 R2上的文件节拍

Question

我使用Filebeat > Logstash > Elasticsearch > Kibana来解析和分析日志，主要是Java Stack Trace和其他日志。

以下是文件节拍的YML

filebeat:
  prospectors:
    -
      paths:
        - C:\logs\OCR\example.log
      input_type: log
      #document_type: UAT_EXAMPLE
      exclude_lines: [".+DEBUG"]
      multiline:
         pattern: ".+(ERROR|INFO)"
         negate: true
         match: after
      fields:
         app_name: EXAMPLE_APP
         environment: UAT
      fields_under_root: true
      #force_close_files: true
      spool_size: 2048
      #publish_async: true
      #scan_frequency: 10s
      #close_older: 2h

output:
  logstash:
    host: "10.0.64.14"
    port: 5044
    index: filebeat
    timeout: 5
    reconnect_interval: 3
    bulk_max_size: 2048

shipper:
 tags: ["ABC_Engine", "UAT_EXAMPLE"]
 queue_size: 1000

###  Enable logging of the filebeat
logging:
  level: warning
  to_files: true
  files:
    path: c:\logs\
    name: mybeat.log
    rotateeverybytes: 20485760 # = 20MB
    keepfiles: 7

启用文件节拍的日志记录在windows上也不起作用。如果我遗漏了什么，请告诉我。

logging:
   level: warning
   to_files: true
   files:
      path: c:\logs\
      name: mybeat.log
      rotateeverybytes: 20485760 # = 20MB
      keepfiles: 7

问题-文件节拍有时不能发送日志到logstash，有时它开始运行传送，但有时不能。尽管如果我使用"test.log“作为浏览程序，并通过下面的配置将日志保存在本地磁盘上，它工作得很好。

将文件写入本地文件以检查输出。我已经逐个尝试了"file“输出和"logstash”输出。

output:
file:
path: c:\logs\
filename: filebeat
rotate_every_kb: 100000
number_of_files: 7

而且，这些东西主要在我使用命令行的时候运行。：

.\filebeat.exe -c filebeat.yml -e -v

请协助正确的windows配置。日志文件"example.log“每30 MB大小轮换一次。

我不太确定如何使用下面的属性，以及它们如何在windows上与Filebeat一起工作。

"close_older“"ignore_older”“日志记录”

Answer 1

logstash的输出：

注释elasticsearch行

然后

logstash:
  # The Logstash hosts
   hosts: ["localhost:5044"]

保持[]

和用于调试模式下日志的配置，例如

logging:
# Send all logging output to syslog. On Windows default is false, otherwise
# default is true.
#to_syslog: true

# Write all logging output to files. Beats automatically rotate files if      rotateeverybytes
# limit is reached.
#to_files: false

# To enable logging to files, to_files option has to be set to true
 files:
# The directory where the log files will written to.
#path: /var/log/mybeat
path: c:\PROGRA~1/filebeat

# The name of the files where the logs are written to.
name: filebeat.log

# Configure log file size limit. If limit is reached, log file will be
# automatically rotated
rotateeverybytes: 10485760 # = 10MB

# Number of rotated log files to keep. Oldest files will be deleted first.
#keepfiles: 7

# Enable debug output for selected components. To enable all selectors use    ["*"]
# Other available selectors are beat, publish, service
# Multiple selectors can be chained.
#selectors: [ ]

# Sets log level. The default log level is error.
# Available log levels are: critical, error, warning, info, debug
 level: debug

日志记录在日志记录部分，输出是logstash或elastic search，如果你想知道你可以安装为服务，请访问elastic.co网站：

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html