Monitoring Tomcat 8 logs with EFK


First, edit Tomcat's server.xml so that Tomcat writes its access log in JSON format:


      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <!-- Default plain-text access log (already present in server.xml) -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
        <!-- Added valve: writes one JSON object per request to logs/localhost_access*.log -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access" suffix=".log" pattern="{&quot;client&quot;:&quot;%h&quot;, &quot;client user&quot;:&quot;%l&quot;, &quot;authenticated&quot;:&quot;%u&quot;, &quot;access time&quot;:&quot;%t&quot;, &quot;method&quot;:&quot;%r&quot;, &quot;status&quot;:&quot;%s&quot;, &quot;send bytes&quot;:&quot;%b&quot;, &quot;Query?string&quot;:&quot;%q&quot;,  &quot;partner&quot;:&quot;%{Referer}i&quot;, &quot;Agent version&quot;:&quot;%{User-Agent}i&quot;}"/>
      </Host>

After restarting Tomcat, check the newly generated log file; each line should now be a JSON object.
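An added example (not from the original post) that checks lines of the new localhost_access log before they are shipped: it confirms that each line parses as JSON and carries the keys from the Valve pattern above, which are the same lines on which Filebeat's json.add_error_key would otherwise record a decoding error. The function names and sample lines are constructed for illustration, and English month names in %t are assumed.

```python
import json
from datetime import datetime

# Keys produced by the JSON AccessLogValve pattern in server.xml above.
EXPECTED_KEYS = {
    "client", "client user", "authenticated", "access time", "method",
    "status", "send bytes", "Query?string", "partner", "Agent version",
}

def check_line(line):
    """Return (event, None) for a usable line, or (None, reason) if not."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, f"not valid JSON: {exc.msg}"
    if not isinstance(event, dict):
        return None, "not a JSON object"
    missing = EXPECTED_KEYS - event.keys()
    if missing:
        return None, "missing keys: " + ", ".join(sorted(missing))
    try:
        # %t is written as [dd/Mon/yyyy:HH:mm:ss +zzzz] (English month names assumed)
        ts = datetime.strptime(str(event["access time"]), "[%d/%b/%Y:%H:%M:%S %z]")
    except ValueError:
        return None, "unparseable access time"
    if not str(event["status"]).isdigit():
        return None, "non-numeric status"
    return dict(event, parsed_time=ts.isoformat()), None

def audit(lines):
    """Split lines into parsed events and (line_number, reason) rejects."""
    good, bad = [], []
    for number, line in enumerate(lines, 1):
        event, reason = check_line(line.strip())
        if event is None:
            bad.append((number, reason))
        else:
            good.append(event)
    return good, bad

# Constructed samples: a well-formed line, a truncated line, a default-pattern line.
SAMPLE = [
    '{"client":"192.0.2.10", "client user":"-", "authenticated":"-", "access time":"[12/Mar/2020:10:15:30 +0800]", "method":"GET /index.jsp HTTP/1.1", "status":"200", "send bytes":"1024", "Query?string":"", "partner":"-", "Agent version":"curl/7.61.1"}',
    '{"client":"192.0.2.11", "client user":"-", "authenticated":"-", "access time":"[12/Mar/2020:10:15:31 +0800]", "method":"GET /app',
    '192.0.2.12 - - [12/Mar/2020:10:15:32 +0800] "GET / HTTP/1.1" 200 11',
]

if __name__ == "__main__":
    print(audit(SAMPLE)[1])
```

To check a real file, pass its lines to audit(), for example audit(open(path, encoding="utf-8")).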


Install Filebeat on the server and edit filebeat.yml as follows:

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /tmp/tomcat/logs/localhost_access.*
  var.convert_timezone: false
  # Decode each line as JSON and place the decoded keys at the top level of the event
  json.keys_under_root: true
  # Decoded keys overwrite Filebeat's own fields when the names conflict
  json.overwrite_keys: true
  # Add an error key to the event when a line cannot be decoded as JSON
  json.add_error_key: true
  #multiline.pattern: ^\[
  #multiline.negate: true
  #multiline.match: after
  fields:
    log_source: 116-tomcat
  tags: ["access","tomcat"]
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
  var.convert_timezone: false
setup.template.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.template.name: "filebeat"
setup.template.fields: "fields.yml"
setup.template.overwrite: false
setup.kibana:
output.elasticsearch:
  # Replace "ip地址" with the IP address of the Elasticsearch host
  hosts: ["ip地址:9200"]
  #pipeline: "nginx-test"
  index: "tomcat-test-%{+yyyy.MM.dd}"
#  json.keys_under_root: true
#  json.overwrite_keys: true

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

Start Filebeat and check the index created in Elasticsearch.


Create the corresponding index pattern in Kibana.
