1:资源
# 文档向导 # logstash https://www.elastic.co/guide/en/logstash/current/index.html #kibana https://www.elastic.co/guide/en/kibana/current/index.html #elasticsearch https://www.elastic.co/guide/en/elasticsearch/current/index.html # 资源下载 https://www.elastic.co/cn/downloads/elasticsearch https://www.elastic.co/cn/downloads/kibana https://www.elastic.co/cn/downloads/logstash
没有VPN的我这里提供最新版本的软件包:
链接:https://pan.baidu.com/s/1XtIL_6MJgn7vplILKG31_A 提取码:825n
2:安装ELK
安装ELK基本tar –xzvf 解压就行 这里给出关键配置
Kibana配置
conf文件夹下 kibana.yml
修改config/kibana.yml文件配置: vim kibana.yml kibana.yml常见配置项 # pingElasticsearch超时时间 elasticsearch.pingTimeout # 读取Elasticsearch数据超时时间 elasticsearch.requestTimeout #Elasticsearch主机地址 elasticsearch.url: "http://ip:9200" # 允许远程访问 server.host: "0.0.0.0" # Elasticsearch用户名 这里其实就是我在服务器启动Elasticsearch的用户名 elasticsearch.username: "es" # Elasticsearch鉴权密码 这里其实就是我在服务器启动Elasticsearch的密码 elasticsearch.password: "es"
server.port: 5601
server.host: "127.0.0.1"
server.name: tanklog
elasticsearch.hosts: ["http://localhost:9200/"]
Logstash配置
logstash目录下 新建conf文件
input { file { path => ["/usr/local/logstash/logstash-tutorial-dataset"] type => "syslog" tags => ["有用的","标识用的"] start_position => "beginning" sincedb_path => "/dev/null" } } output { elasticsearch { hosts => ["http://localhost:9200"] index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" } }
3:启动配置
# 启动 elasticsearch #>>> ./elasticsearch #访问 dgw@ubuntu:~$ curl -L http://localhost:9200/ { "name" : "ubuntu", "cluster_name" : "elasticsearch", "cluster_uuid" : "CqSWrvU8TLiw_haNYjB0Ow", "version" : { "number" : "7.6.0", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "7f634e9f44834fbc12724506cc1da681b0c3b1e3", "build_date" : "2020-02-06T00:09:00.449973Z", "build_snapshot" : false, "lucene_version" : "8.4.0", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" } # 启动 kibana #>>> kibana-7.6.0-linux-x86_64/bin$ ./kibana #访问 dgw@ubuntu:~$ curl -L http://localhost:5601/ # 启动 logstash #>>> dgw@ubuntu:~/Documents/logstash/logstash-7.6.0/bin$ ./logstash -f ../config/logstash-my.conf
4:导入POM依赖
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>6.3</version>
</dependency>5配置logstash
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<include resource="org/springframework/boot/logging/logback/base.xml" />
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>127.0.0.1:4560</destination>
<!-- 日志输出编码 -->
<encoder charset="UTF-8"
class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
<providers>
<timestamp>
<timeZone>UTC</timeZone>
</timestamp>
<pattern>
<pattern>
{
"logLevel": "%level",
"serviceName": "${springAppName:-}",
"pid": "${PID:-}",
"thread": "%thread",
"class": "%logger{40}",
"rest": "%message"
}
</pattern>
</pattern>
</providers>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="LOGSTASH" />
<appender-ref ref="CONSOLE" />
</root>
</configuration>input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines } } output { elasticsearch { hosts => "localhost:9200" index => "springboot-logstash-%{+YYYY.MM.dd}" } }
6: 启动类设置输出信息
@SpringBootApplication @RestController public class SpringbootLogstashApplication { Logger logger = LoggerFactory.getLogger(SpringbootLogstashApplication.class); @GetMapping("test") public void test(){ logger.info("测试初始一些日志吧!"); } public static void main(String[] args) { SpringApplication.run(SpringbootLogstashApplication.class, args); } }
7:测试
对maven 项目执行 mvn package 打包 得到 jar文件 拷贝到Linux下
dgw@ubuntu:~/Documents$ java -jar logstash-0.0.1-SNAPSHOT.jar
上面页面创建索引后, 在发现页面: 找到我们项目info
