如何在 elk filebeat 中限制 *-json.log

How to limit *-json.log in elk filebeat

我在 docker 中运行 filebeat,使用的 filebeat.yml 如下:
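# Ship events to Elasticsearch, one index per Filebeat version and day.
# NOTE(review): the URL is plain http and no credentials are configured here,
# so events cross the network unencrypted. Acceptable only on an isolated,
# trusted network; otherwise use https with authentication.
output.elasticsearch:
  hosts: ["http://elastic:9200"]
  index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"

# A custom index name is paired with a matching template name and pattern.
setup.template.name: "filebeat-%{[agent.version]}"
setup.template.pattern: "filebeat-%{[agent.version]}-*"

# Read the logs of every container on the host ('*') and attach Docker
# metadata to each event. This input only reads the *-json.log files; their
# size and rotation are controlled by the Docker logging driver, not here.
filebeat.inputs:
  - type: docker
    containers.ids:
      - '*'
    processors:
      - add_docker_metadata: ~

# Write Filebeat's own logs only to file so that it does not pick them up
# again from the Docker log files.
# NOTE(review): to_files is false, which contradicts the intent above and
# presumably leaves the logging.files section unused; confirm which is meant.
logging.level: error
logging.to_files: false
logging.to_syslog: false
# Key was misspelled as "loggins.metrice.enabled" and therefore never applied.
logging.metrics.enabled: false
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 2
  # Octal mask: 0644 leaves the log files readable by every local user.
  # Use 0600 if the logs may contain hostnames, paths or error payloads.
  permissions: 0644
# NOTE(review): "none" turns off TLS certificate verification. At top level
# this key is not part of output.elasticsearch, so it likely has no effect
# here (confirm), and the output uses http anyway. If TLS is enabled later,
# do not carry this over: verify the server against a trusted CA instead.
ssl.verification_mode: none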

容器目录中有 *-json.log 文件,它会无限增长和轮转

~$ sudo ls -l -h /var/lib/docker/containers/c46dfab2c3399131faf4c2d6eda14aabb780e9e3cfb9e798f9740691c26588b5
total 7.2G
-rw-r----- 1 root root 7.2G Feb 25 09:27 c46dfab2c3399131faf4c2d6eda14aabb780e9e3cfb9e798f9740691c26588b5-json.log

有什么方法可以禁用/限制/轮转(disable/limit/rotate)写入这个文件的日志吗?

由于您使用的是 Swarm,因此您可以将服务配置为根据日志文件的大小轮转日志文件。请参考下面提供的示例。注意:这些日志选项只对新创建的容器生效,已有的容器需要重新创建(重新部署服务)后才会应用。

# Swarm stack example: a single MySQL service whose container log is capped
# by the json-file logging driver.
version: "3.7"

services:
  mysql:
    # NOTE(review): check that this tag is still a supported release before
    # reusing the example; an unsupported image gets no security fixes.
    image: mysql:5.7
    command: mysqld
    environment:
      MYSQL_DATABASE: rails_production
      # Placeholder from the example. Do not commit a real root password
      # here; in Swarm, store it as a secret and pass the path through
      # MYSQL_ROOT_PASSWORD_FILE instead.
      MYSQL_ROOT_PASSWORD: dummy
    volumes:
      - db_data:/var/lib/mysql
    # Rotate the container's *-json.log at 10 MB and keep at most 5 files,
    # which bounds the log to roughly 50 MB per container.
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      rollback_config:
        parallelism: 0
        order: stop-first

# Named volume that holds the MySQL data directory.
volumes:
  db_data: