Scenario
Send application log files to RabbitMQ.
Filebeat does not support RabbitMQ as an output, so the files must first be shipped by Filebeat to Logstash, which then outputs them to RabbitMQ.

Logstash configuration
Create a .conf file with any name in the /etc/logstash/conf.d/ directory.
# Input: the source is Filebeat
input {
  beats {
    port => 5044
  }
}
# Filter: drop unneeded fields, keeping only the message content
filter {
  mutate {
    remove_field => ["host", "agent", "ecs", "tags", "fields", "@version", "@timestamp", "input", "log", "container"]
  }
}
# Output: the destination is RabbitMQ
output {
  rabbitmq {
    id => "my_plugin_id"
    exchange => "exchange-test" # exchange created in RabbitMQ; required
    key => "testkey" # routing key that binds the queue to the exchange
    exchange_type => "direct" # exchange type, one of ["fanout", "direct", "topic", "x-consistent-hash", "x-modulus-hash"]; required
    host => "10.0.0.10" # RabbitMQ address; required
    port => 5672
    user => "admin"
    password => "abc11112323"
    vhost => "test-host" # RabbitMQ virtual host; defaults to /
    message_properties => {
      "content_type" => "application/json"
      "priority" => 1
    }
  }
}
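A hardened variant of the output block above, as an added example that is not from the original post: the credentials are read from the Logstash keystore instead of sitting in the .conf file in plaintext, and the connection to the broker uses TLS. The keystore key names, the TLS listener on port 5671, and the .p12 path are assumptions.

```logstash
# Added example, not from the original post.
# Assumptions: the broker has a TLS listener on 5671, and the keys referenced
# below were stored beforehand with (for package installs, add
# --path.settings /etc/logstash):
#   bin/logstash-keystore create
#   bin/logstash-keystore add RABBITMQ_USER
#   bin/logstash-keystore add RABBITMQ_PASSWORD
#   bin/logstash-keystore add RABBITMQ_P12_PASSWORD
output {
  rabbitmq {
    id            => "my_plugin_id"
    exchange      => "exchange-test"
    key           => "testkey"
    exchange_type => "direct"
    host          => "10.0.0.10"
    vhost         => "test-host"
    port          => 5671                      # AMQP over TLS instead of 5672
    user          => "${RABBITMQ_USER}"        # resolved from the keystore at startup
    password      => "${RABBITMQ_PASSWORD}"    # no secret left in the config file
    ssl           => true
    ssl_version   => "TLSv1.2"
    # PKCS12 file; per the plugin documentation it is used for verifying the
    # remote host. The path is a placeholder.
    ssl_certificate_path     => "/etc/logstash/certs/rabbitmq.p12"
    ssl_certificate_password => "${RABBITMQ_P12_PASSWORD}"
    message_properties => {
      "content_type" => "application/json"
      "priority" => 1
    }
  }
}
```

The same `${NAME}` syntax also resolves environment variables, so a typo in a key name fails at startup rather than sending an empty password.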
Official documentation for the Logstash RabbitMQ output
https://www.elastic.co/guide/en/beats/filebeat/7.x/exported-fields-rabbitmq.html