亚洲视频二区_亚洲欧洲日本天天堂在线观看_日韩一区二区在线观看_中文字幕不卡一区

目錄

• 一、安裝Logstash
• 1.解壓tar包
• 2.配置config目錄下的logstash.conf
• 3.啟動命令
• 4.查看Logstash是否啟動成功
•  二、配置應用項目的logback環境
• 1.在pom.xml中添加Logstash依賴
• 2.在resouces目錄下添加logback-spring.xml
• 三、在kibana界面查看數據
• 1.查看索引管理
• 2.配置索引模式
• 總結

一、安裝Logstash

1.解壓tar包

cd /data/app/elk/elk-6.8.5
tar zxvf logstash-6.8.5.tar.gz

2.配置config目錄下的logstash.conf

# 數據輸入部分
input {
    # 讀取nginx訪問日志
    file {
		#path：監聽文件的路徑,絕對路徑
        path => "/data/app/nginx/logs/access.log" #為Nginx的access.log路徑
		# 格式：json
        codec => "json"
		#start_position:監聽文件的起始位置，beginning：從文件的頭開始讀取
        start_position => "beginning"
		#type：自定義類型
        type => "nginx-access-log"
    }
    # 讀取nginx異常日志
    file {
        path => "/data/app/nginx/logs/error.log" #為Nginx的error.log路徑
        # 格式：plain,輸入的是字符串，輸出把全部內容放到message字段
        codec => "plain"
        start_position => "beginning"
        type => "nginx-error-log"
    }
	#filebeats方式	
	beats {
		port => 5044
        type => "beats_log"
	}
	#自定義端口，一個項目可對應一個自定義tcp端口接收數據
	tcp {
		mode => "server"
		host => "192.168.X.X" #IP地址
		port => 21022
		codec => json
		type => "application-log" #application一般為項目名稱
	}
}
# 數據處理部分
filter{
	if[type] == "application-log"{
		mutate {
			rename => {"host" => "hostname"}
		}
	}
}
# 數據輸出部分
output {
    # beat監控信息
	if [type] == "beats_log"{
		elasticsearch {
            hosts => ["192.168.X.X:9200"]
			manage_template => false
			index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "elastic2021"
        }
	}
    # nginx訪問日志
    if[type] == "nginx-access-log" {
        elasticsearch {
            hosts => ["192.168.X.X:9200"]
            index => "nginx-access-log-%{+YYYY.MM.dd}" 
			# elasticsearch的用戶名、密碼
            user => "elastic"
            password => "elastic2021"
        }
    }
    # nginx異常日志
    if[type] == "nginx-error-log"{
        elasticsearch{
            hosts => ["192.168.X.X:9200"]
            index => "nginx-error-log-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "elastic2021"
        }
    }
	# 應用系統日志
	if[type] == "application-log"{
		elasticsearch {
			hosts => ["192.168.X.X:9200"]   
			index => "application-log-%{+YYYY.MM.dd}"
			user => "elastic"
			password => "elastic2021"
		}
	}
}

3.啟動命令

cd /data/app/elk/elk-6.8.5/logstash-6.8.5
nohup ./bin/logstash -f config/logstash.conf &

4.查看Logstash是否啟動成功

ps -ef | grep logstash

 二、配置應用項目的logback環境

1.在pom.xml中添加Logstash依賴

<!-- logstash 6.2 -->
<dependency>
   <groupId>net.logstash.logback</groupId>
   <artifactId>logstash-logback-encoder</artifactId>
   <version>6.2</version>
</dependency>

2.在resouces目錄下添加logback-spring.xml

<?xml version="1.0" encoding="UTF-8" ?>
<configuration debug="false">
	<!-- 為logstash輸出的JSON格式的Appender -->
	<appender name="logstash_dev"
			  class="net.logstash.logback.appender.LogstashTcpSocketAppender">
		<destination>192.168.X.X:21021</destination>
		<!-- 日志輸出編碼 -->
		<encoder
				class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
			<providers>
				<timestamp>
					<timeZone>UTC</timeZone>
				</timestamp>
				<pattern>
					<pattern>
						{
						"severity": "%level",
						"service": "${APP_NAME:-}",
						"trace": "%X{X-B3-TraceId:-}",
						"span": "%X{X-B3-SpanId:-}",
						"parent": "%X{X-B3-ParentSpanId:-}",
						"exportable": "%X{X-Span-Export:-}",
						"pid": "${PID:-}",
						"thread": "%thread",
						"class": "%logger",
						"rest": "%message"
						}
					</pattern>
				</pattern>
			</providers>
		</encoder>
	</appender>
	<!-- 開發環境 -->
    <springProfile name="develop">
        <!--設置根日志級別-->
        <root level="INFO">
            <appender-ref ref="logstash_dev"/>
        </root>
    </springProfile>
</configuration>

三、在kibana界面查看數據

瀏覽器訪問192.168.X.X:5601

1.查看索引管理

2.配置索引模式

總結

以上為個人經驗，希望能給大家一個參考，也希望大家多多支持。