field
•
message
•
service_name
◦
app_api
◦
admin_api
◦
worker_api
•
log_type
◦
stdout
◦
stderr
pattern
•
curi-logs-v3
◦
app_api
◦
admin_api
◦
worker_api
•
curi-ai-proxy
◦
curi-ai-prod
◦
curi-proxy-prod
◦
curi-proxy-legacy
◦
curi-idi-api
◦
curi-ai-api
◦
curi-idi-service
◦
curi-ai-service
◦
curi-proxy-service
filebeat
sudo journalctl -u filebeat -n 200 | grep -i error
JavaScript
복사
# 로그 실시간 모니터링
sudo tail -f /var/log/filebeat/filebeat-$(date +%Y%m%d)*.ndjson | grep -v '"log.level":"info"'
JavaScript
복사
sudo systemctl status filebeat
JavaScript
복사
sudo tee /opt/filebeat/filebeat.yml > /dev/null << 'EOF'
filebeat.inputs:
- type: log
enabled: true
paths:
- /home/dean/.pm2/logs/admin-api-out*.log
- /home/dean/.pm2/logs/admin_api-out*.log
exclude_files: ['\.gz$']
fields:
service: admin_api
log_type: stdout
environment: production
server: gcp-curi-api
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2}'
multiline.negate: true
multiline.match: after
close_inactive: 5m
- type: log
enabled: true
paths:
- /home/dean/.pm2/logs/admin-api-error*.log
- /home/dean/.pm2/logs/admin_api-error*.log
exclude_files: ['\.gz$']
fields:
service: admin_api
log_type: error
environment: production
server: gcp-curi-api
fields_under_root: true
close_inactive: 5m
- type: log
enabled: true
paths:
- /home/dean/.pm2/logs/app-api-out*.log
- /home/dean/.pm2/logs/app_api-out*.log
exclude_files: ['\.gz$']
fields:
service: app_api
log_type: stdout
environment: production
server: gcp-curi-api
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2}'
multiline.negate: true
multiline.match: after
close_inactive: 5m
- type: log
enabled: true
paths:
- /home/dean/.pm2/logs/app-api-error*.log
- /home/dean/.pm2/logs/app_api-error*.log
exclude_files: ['\.gz$']
fields:
service: app_api
log_type: error
environment: production
server: gcp-curi-api
fields_under_root: true
close_inactive: 5m
- type: log
enabled: true
paths:
- /home/dean/.pm2/logs/worker-api-out*.log
- /home/dean/.pm2/logs/worker_api-out*.log
exclude_files: ['\.gz$']
fields:
service: worker_api
log_type: stdout
environment: production
server: gcp-curi-api
fields_under_root: true
multiline.pattern: '^\d{4}-\d{2}-\d{2}'
multiline.negate: true
multiline.match: after
close_inactive: 5m
- type: log
enabled: true
paths:
- /home/dean/.pm2/logs/worker-api-error*.log
- /home/dean/.pm2/logs/worker_api-error*.log
exclude_files: ['\.gz$']
fields:
service: worker_api
log_type: error
environment: production
server: gcp-curi-api
fields_under_root: true
close_inactive: 5m
output.elasticsearch:
hosts: ["34.61.155.10:9200"]
username: "elastic"
password: "eK4dPVn7Ngy+DVPS*gTm"
index: "curi-api-logs-%{+yyyy.MM.dd}"
template.settings:
index.number_of_shards: 1
index.number_of_replicas: 0
setup.kibana:
host: "34.61.155.10:5601"
username: "elastic"
password: "eK4dPVn7Ngy+DVPS*gTm"
setup.template:
name: "curi-api-logs"
pattern: "curi-api-logs-*"
settings:
index.number_of_shards: 1
index.codec: best_compression
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
EOF
JavaScript
복사
sudo systemctl restart filebeat
# 상태 확인
sudo systemctl status filebeat
# 몇 초 후 로그 확인
sleep 10
sudo journalctl -u filebeat -n 20
JavaScript
복사