1、Filebeat Windows 版配置
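# Filebeat (Windows) configuration: tail application logs under C:\logs and
# ship them to Elasticsearch in a monthly "winlog-*" index.
# Nesting is restored here; with every key at column 0 the settings would be
# read as unrelated top-level keys and `tags` would appear twice.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      # Single-quoted so the backslashes and the glob stay literal.
      - 'C:\logs\*.log'
    # A line that does NOT start with a date (yyyy-MM-dd) is appended to the
    # preceding line that does, so multi-line entries such as stack traces
    # stay in one event.
    multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
    multiline.negate: true
    multiline.match: "after"
    # Tag used by the output below to route these events.
    tags: ["winlog"]

output.elasticsearch:
  # NOTE(review): no scheme is given, so Filebeat falls back to its default
  # protocol (http), and no credentials are configured. Log events, which may
  # contain sensitive data, then cross the network in clear text to an
  # endpoint that accepts unauthenticated writes. If the cluster has security
  # enabled, set `protocol: "https"`, `ssl.certificate_authorities`, and
  # `api_key` (or `username`/`password` read from the Filebeat keystore
  # rather than written in this file).
  hosts: ["192.168.60.164:9200"]
  indices:
    # Events tagged "winlog" are routed to a per-month index.
    - index: "winlog-%{+yyyy.MM}"
      when.contains:
        tags: "winlog"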
2、Windows 开机自启:将以下批处理脚本放入所有用户的启动目录 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup(该目录下的脚本在用户登录时执行)
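@echo off
rem Start the Filebeat Windows service from the all-users Startup folder.
rem Each command must be on its own line; collapsed onto one line, cmd
rem would treat everything after "echo" as text to print.
rem
rem NOTE(review): "net start" needs an elevated token, so this fails with
rem "Access is denied" for a non-administrator logon. If the service is
rem registered with automatic start (sc config filebeat start= auto), the
rem Service Control Manager starts it at boot without any logon script.
rem NOTE(review): the all-users Startup folder runs for every account that
rem logs on, and the Filebeat directory sits directly under C:\. Confirm
rem that only administrators can write to either location.

rem /d also switches drive if the script is launched from another volume.
cd /d "C:\filebeat-7.5.1-windows-x86_64\filebeat-7.5.1-windows-x86_64\"
net start filebeat
@pause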