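---
# Filebeat configuration: ships a multiline Java application log to
# Elasticsearch, parsing each event into structured fields.
# NOTE(review): the source was collapsed onto a single line; the nesting below
# is reconstructed. In particular, `processors` is placed at the top level
# (global) and could instead belong to the input. Confirm against the deployed
# file.
name: xxxx
logging.level: warning

# Index lifecycle management is off, so the custom template name/pattern and
# the custom output index below are what take effect.
setup.ilm.enabled: false
setup.template.name: "filebeat-xxxx"
setup.template.pattern: "filebeat-xxxx-*"
setup.template.overwrite: true
# Extra field mappings appended to the index template.
setup.template.append_fields:
  - name: java.line_num
    type: long
  - name: log.content
    type: text
  - name: nginx.client
    type: ip
  - name: nginx.response.body_size
    type: long
  - name: mysql.querytime
    type: long
  - name: mysql.sql
    type: text

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /path/to/xxxx.log
    # Lines that do NOT start with "20" are appended to the preceding line
    # (negate: true, match: after), so continuation lines such as stack
    # traces stay in one event.
    multiline.pattern: "^20"
    multiline.negate: true
    multiline.match: after
    # Tag events from this input; the conditional processor below keys on it.
    fields:
      log.app: java
    fields_under_root: true

processors:
  # Allow-list of fields to keep on the event before parsing.
  - include_fields:
      fields:
        - log.app
        - log.file.path
        - agent.hostname
        - agent.name
        - message
  - if:
      equals:
        log.app: java
    then:
      # Split the raw line into fields written at the event root
      # (target_prefix is empty), overwriting existing keys.
      - dissect:
          tokenizer: '%{_logtime},%{_logms} [%{java.jar}] %{log.level} [%{java.thread}] %{java.class}.%{java.function}(%{java.line_num}) : %{log.content}'
          target_prefix: ""
          overwrite_keys: true
      # Parse the time captured by dissect.
      # The layout is quoted so no YAML parser can type it as a timestamp.
      # NOTE(review): the layout expects a "T" between date and time. If the
      # log writes a space there, parsing fails. Confirm against a real line.
      - timestamp:
          field: _logtime
          timezone: Asia/Shanghai
          layouts:
            - '2006-01-02T15:04:05'
      # Drop the scratch field and the raw line only when _logtime exists.
      # Events that dissect did not produce it for keep `message`.
      - drop_fields:
          when:
            has_fields:
              - _logtime
          fields:
            - _logtime
            - message

output.elasticsearch:
  enabled: true
  # SECURITY: with an http:// endpoint the username and password below travel
  # in clear text. Prefer https:// plus ssl.certificate_authorities so the
  # server is authenticated and the credentials are encrypted in transit.
  hosts:
    - http://x.x.x.x:9200
  index: "filebeat-xxxx-%{+yyyy.MM.dd}"
  username: "filebeat"
  # SECURITY: the password is no longer stored in this file. It is read from
  # the Filebeat keystore (or an environment variable). Create the entry with
  # `filebeat keystore add ES_PWD` (ES_PWD is an example key name). Treat any
  # password that was previously committed or published as compromised and
  # rotate it. Give this account only the privileges needed to write to
  # filebeat-xxxx-* indices.
  password: "${ES_PWD}"

# Debug output, disabled; only one output may be enabled at a time.
output.console:
  enabled: false
  codec.json:
    pretty: true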