要实现的功能
使用Filebeat监听UDP端口,然后解析传入的JSON数据,并写入Elasticsearch中。
修改Filebeat配置
filebeat.inputs:
- type: udp
enable: true
host: "0.0.0.0:2679"
processors:
- decode_json_fields:
fields: ["message"]
target: "zlog"
参考文献
Filebeat 6.3.1 UDP + Json
Filebeat优化实践
Filebeat Reference [6.5] » Configuring Filebeat » Configure inputs » UDP input
Filebeat Reference [6.5] » Configuring Filebeat » Filter and enhance the exported data
Filebeat Reference [6.5] » Configuring Filebeat » Filter and enhance the exported data » Decode JSON fields
Filebeat Reference [6.5] » Configuring Filebeat » Configure the output » Configure the Elasticsearch output