filebeat 日誌狀態 30 每秒

我正在學習使用 ELK 並擁有一台作為測試客戶端執行的 debian PC。每 30 秒它會記錄一條消息：

021-01-18T08:29:59.656-0500#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":4096}}}},"cpu":{"system":{"ticks":171310,"time":{"ms":11}},"total":{"ticks":433770,"time":{"ms":24},"value":433770},"user":{"ticks":262460,"time":{"ms":13}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":13},"info":{"ephemeral_id":"e83bbdd5-2482-4ac4-85b9-5b50f2b64e7c","uptime":{"ms":444690082}},"memstats":{"gc_next":20543200,"memory_alloc":12804128,"memory_total":20951973208},"runtime":{"goroutines":54}},"filebeat":{"events":{"added":2,"done":2},"harvester":{"open_files":2,"running":2}},"libbeat":{"config":{"module":{"running":1}},"output":{"events":{"acked":2,"batches":2,"total":2},"read":{"bytes":681},"write":{"bytes":4714}},"pipeline":{"clients":3,"events":{"active":0,"published":2,"total":2},"queue":{"acked":2}}},"registrar":{"states":{"current":15,"update":2},"writes":{"success":2,"total":2}},"system":{"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}

我不想每 30 秒就有一次，所以我創建了一個 filebeat.yml 在 filebeat 中過濾掉它

在我寫的路徑部分下

exclude_lines :['^INFO#011[monitoring]#011log/log.go:145#011Non-zero']

沒有效果，該行應該如何？

我有幾個附帶問題，

• 如果不是每 30 秒記錄一次，那對我來說沒問題，這個狀態可以每 5 分鐘記錄一次嗎？
• 好吧，我是 ELK 的新手，我認為這條線不應該在 filebeat 中（因為它應該記錄系統的記憶體統計資訊，或者我讀錯了嗎？）另一方面，知道這些統計資訊也不錯，但是為什麼它在 Gui 中沒有很好地顯示

這些類型的日誌可以在 filebeat.yml 集中禁用：

logging.metrics.enabled: false  
# by default its true

引用自：https://serverfault.com/questions/1051115