Linux下安装Logstash
一、安装Logstash1.解压tar包cd /data/app/elk/elk-6.8.5tar zxvf logstash-6.8.5.tar.gz2.配置config目录下的logstash.conf# 数据输入部分input {# 读取nginx访问日志file {#path:监听文件的路径,绝对路径path => "/data/app/nginx/logs/access.log"
·
一、安装Logstash
1.解压tar包
cd /data/app/elk/elk-6.8.5
tar zxvf logstash-6.8.5.tar.gz
2.配置config目录下的logstash.conf
# 数据输入部分
input {
# 读取nginx访问日志
file {
#path:监听文件的路径,绝对路径
path => "/data/app/nginx/logs/access.log" #为Nginx的access.log路径
# 格式:json
codec => "json"
#start_position:监听文件的起始位置,beginning:从文件的头开始读取
start_position => "beginning"
#type:自定义类型
type => "nginx-access-log"
}
# 读取nginx异常日志
file {
path => "/data/app/nginx/logs/error.log" #为Nginx的error.log路径
# 格式:plain,输入的是字符串,输出把全部内容放到message字段
codec => "plain"
start_position => "beginning"
type => "nginx-error-log"
}
#filebeats方式
beats {
port => 5044
type => "beats_log"
}
#自定义端口,一个项目可对应一个自定义tcp端口接收数据
tcp {
mode => "server"
host => "192.168.X.X" #IP地址
port => 21022
codec => json
type => "application-log" #application一般为项目名称
}
}
# 数据处理部分
filter{
if[type] == "application-log"{
mutate {
rename => {"host" => "hostname"}
}
}
}
# 数据输出部分
output {
# beat监控信息
if [type] == "beats_log"{
elasticsearch {
hosts => ["192.168.X.X:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "elastic2021"
}
}
# nginx访问日志
if[type] == "nginx-access-log" {
elasticsearch {
hosts => ["192.168.X.X:9200"]
index => "nginx-access-log-%{+YYYY.MM.dd}"
# elasticsearch的用户名、密码
user => "elastic"
password => "elastic2021"
}
}
# nginx异常日志
if[type] == "nginx-error-log"{
elasticsearch{
hosts => ["192.168.X.X:9200"]
index => "nginx-error-log-%{+YYYY.MM.dd}"
user => "elastic"
password => "elastic2021"
}
}
# 应用系统日志
if[type] == "application-log"{
elasticsearch {
hosts => ["192.168.X.X:9200"]
index => "application-log-%{+YYYY.MM.dd}"
user => "elastic"
password => "elastic2021"
}
}
}
3.启动命令
cd /data/app/elk/elk-6.8.5/logstash-6.8.5
nohup ./bin/logstash -f config/logstash.conf &
4.查看Logstash是否启动成功
ps -ef | grep logstash
二、配置应用项目的logback环境
1.在pom.xml中添加Logstash依赖
<!-- logstash 6.2 -->
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>6.2</version>
</dependency>
2.在resouces目录下添加logback-spring.xml
<?xml version="1.0" encoding="UTF-8" ?>
<configuration debug="false">
<!-- 为logstash输出的JSON格式的Appender -->
<appender name="logstash_dev"
class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>192.168.X.X:21021</destination>
<!-- 日志输出编码 -->
<encoder
class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
<providers>
<timestamp>
<timeZone>UTC</timeZone>
</timestamp>
<pattern>
<pattern>
{
"severity": "%level",
"service": "${APP_NAME:-}",
"trace": "%X{X-B3-TraceId:-}",
"span": "%X{X-B3-SpanId:-}",
"parent": "%X{X-B3-ParentSpanId:-}",
"exportable": "%X{X-Span-Export:-}",
"pid": "${PID:-}",
"thread": "%thread",
"class": "%logger",
"rest": "%message"
}
</pattern>
</pattern>
</providers>
</encoder>
</appender>
<!-- 开发环境 -->
<springProfile name="develop">
<!--设置根日志级别-->
<root level="INFO">
<appender-ref ref="logstash_dev"/>
</root>
</springProfile>
</configuration>
三、在kibana界面查看数据
浏览器访问192.168.X.X:5601
1.查看索引管理
2.配置索引模式
四、参考文章
更多推荐
已为社区贡献13条内容
所有评论(0)