1. Download & unZip
2. Start(Window)
- filebeat.ext -e -c filebeat.yml
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
### BG.Commant ###
paths:
- D:\11_logs\*.log*
# Exclude lines. A list of regular expressions to match. It drops the lines that are
# matching any regular expression from the list.
#exclude_lines: ['^DBG']
# Include lines. A list of regular expressions to match. It exports the lines that are
# matching any regular expression from the list.
#include_lines: ['^ERR', '^WARN']
# Exclude files. A list of regular expressions to match. Filebeat drops the files that
# are matching any regular expression from the list. By default, no files are dropped.
#exclude_files: ['.gz$']
# Optional additional fields. These fields can be freely picked
# to add additional information to the crawled log files for filtering
# 커스텀 정의 필드를 정의할 수 있다. 이렇게 하면 logstash에서 filter에서 분기하여 조건이 가능하다.
# ----------------------------
# filter {
# if [fields][type] == "trace"{
# // pattern logic
# }
# else if {
# // pattern logic
# }
# }
# ----------------------------
# fields: { event: trace }
#fields:
# level: debug
# review: 1
### Multiline options
### BG.Commant ###
# 아래 정보는 log4j 에러로그 stackTrace정보를 모두 elastatic에 저장하기 위한 설정임
# 기본으로 라인단위로 elastatic 또는 logstash에 보내는데 아래는 "^\[" 으로 데이터를 분리하여 적재하는 옵션이다.
# 따라서 log4j.xml에 [datetime] - LogLevel ... 처럼 형식이 구성되어야 하며 처음 "^[" 부분이 중요하다.
# 기본설정은 모두 주석처리 되어 있다.
###################
# Mutiline can be used for log messages spanning multiple lines. This is common
# for Java Stack Traces or C-Line Continuation
# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
multiline.pattern: ^\[
# Defines if the pattern set under pattern should be negated or not. Default is false.
multiline.negate: true
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
# that was (not) matched before or after or as long as a pattern is not matched based on negate.
# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
multiline.match: after
# 내부적으로 out source로 보내기전에 버퍼링할 수 있다.
#queue.mem:
# events: 4096 # def:4096
# flush.min_events: 512 # def:2048
# flush.timeout: 5s # def:5s