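Adding an IP address field in Filebeat
There are several ways for Filebeat to pick up the local IP address. I had always set it manually or read it from an environment variable, until a large-scale deployment showed that hand-editing configuration files or setting environment variables is too tedious.
Manual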
filebeat.inputs:
- type: log  # "input_type" is deprecated since 6.0; use "type"
  tail_files: true
  paths:
    - /opt/test.log
  fields:
    host_ip: 192.168.113.138
  fields_under_root: true
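Reading an environment variable
filebeat.inputs:
- type: log
  paths:
    - /opt/test.log
  tail_files: true
  fields:                     # add custom fields with the fields option
    host_ip: ${SERVER_IP}     # host_ip is the field name; its value comes from the SERVER_IP system environment variable
  fields_under_root: true     # put the added field at the top level so it is collected as host_ip; if false, it is nested and collected as fields.host_ip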
Automatic
Add the following to the Beat's yml file; it works for all Beats.
processors:
- add_host_metadata:
    netinfo.enabled: true
Result
{
  "@timestamp": "2024-07-15T08:35:34.364Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.8.6"
  },
  "offset": 174,
  "log": {
    "file": {
      "path": "/tmp/sq.log"
    }
  },
  "message": "2024-07-15 this is test7",
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "beat": {
    "version": "6.8.6",
    "name": "k8s-test",
    "hostname": "k8s-test"
  },
  "host": {
    "id": "0950526080cd446db28a0254847b5ea6",
    "containerized": false,
    "ip": [
      "192.168.113.138",
      "fe80::250:56ff:fe3e:d525",
      "192.18.0.1",
      "fe80::42:93ff:fe9e:4a72",
      "fe80::f039:ceff:fe10:3919",
      "fe80::78d0:7eff:fef7:ef4d"
    ],
    "mac": [
      "00:50:56:3e:d5:25",
      "02:42:93:9e:4a:72",
      "f2:39:ce:10:39:19",
      "7a:d0:7e:f7:ef:4d"
    ],
    "architecture": "x86_64",
    "os": {
      "name": "CentOS Linux",
      "codename": "Core",
      "platform": "centos",
      "version": "7 (Core)",
      "family": "redhat"
    },
    "name": "k8s-test"
  },
  "source": "/tmp/sq.log"
}
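The automatic method returns host.ip as an array holding every interface address, link-local IPv6 included, while the manual and environment-variable methods yield a single host_ip. The following is an added example, not part of the original post, showing one way a downstream consumer could reduce that array to one address for host attribution. The function name pick_host_ip and its preferred_networks parameter are assumptions; the sample list is copied from the result above.

```python
import ipaddress

# host.ip list copied from the result event shown above.
SAMPLE_EVENT = {
    "host": {
        "name": "k8s-test",
        "ip": [
            "192.168.113.138",
            "fe80::250:56ff:fe3e:d525",
            "192.18.0.1",
            "fe80::42:93ff:fe9e:4a72",
            "fe80::f039:ceff:fe10:3919",
            "fe80::78d0:7eff:fef7:ef4d",
        ],
    }
}


def pick_host_ip(event, preferred_networks=()):
    """Return one address from host.ip to use as host_ip, or None.

    preferred_networks (hypothetical parameter): CIDR strings for networks
    the operator treats as authoritative, e.g. the management LAN.
    """
    nets = [ipaddress.ip_network(n) for n in preferred_networks]
    candidates = []
    for raw in event.get("host", {}).get("ip", []):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip malformed entries instead of failing the event
        # Link-local, loopback and unspecified addresses do not identify
        # the host to other machines on the network.
        if addr.is_link_local or addr.is_loopback or addr.is_unspecified:
            continue
        candidates.append(addr)
    # 1) An address inside an operator-defined network wins.
    for net in nets:
        for addr in candidates:
            if addr.version == net.version and addr in net:
                return str(addr)
    # 2) Otherwise the first remaining IPv4 address, then any remaining one.
    for addr in candidates:
        if addr.version == 4:
            return str(addr)
    return str(candidates[0]) if candidates else None
```

Without preferred_networks the choice depends on the order in which the Beat lists the interfaces, so passing the expected network makes the result deterministic on multi-homed hosts.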