window下安装

下载filebeat-8.1.2-windows-x86_64.zip
https://www.elastic.co/downloads/past-releases/filebeat-8-1-2

解压之后效果

配置

拷贝一份filebeat.example.yml重命名为filebeat.yml修改配置如下

#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
  enabled: true
  # 要抓取的文件路径 
  paths:
    - /data/logs/oh-coupon/info.log
    - /data/logs/oh-coupon/error.log
  # 添加额外的字段
  fields:
    log_source: oh-coupon
  fields_under_root: true
  # 多行处理
  # 不以"yyyy-MM-dd"这种日期开始的行与前一行合并 
  multiline.pattern: ^\d{4}-\d{1,2}-\d{1,2}
  multiline.negate: true
  multiline.match: after

  # 5秒钟扫描一次以检查文件更新
  scan_frequency: 5s
  # 如果文件1小时都没有更新，则关闭文件句柄
  close_inactive: 1h  
  # 忽略24小时前的文件
  #ignore_older: 24h


- type: log
  enabled: true
  paths:
    - /data/logs/oh-promotion/info.log
    - /data/logs/oh-promotion/error.log
  fields:
    log_source: oh-promotion
  fields_under_root: true
  multiline.pattern: ^\d{4}-\d{1,2}-\d{1,2}
  multiline.negate: true
  multiline.match: after
  scan_frequency: 5s
  close_inactive: 1h  
  ignore_older: 24h

#================================ Outputs =====================================

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

cmd启动

cmd运行
　　然后在当前目录下，新建一个bat文件，eg ： start.bat 内容

.\filebeat -e -c filebeat.yml