Download -> extract -> edit the configuration -> run
Downloading, installing and deploying are covered in another article of mine:
https://blog.csdn.net/weixin_43944305/article/details/118469227
Next, deploy Logstash
Download
https://www.elastic.co/cn/downloads/past-releases#logstash
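Extract
tar -zxvf logstash-6.3.0.tar.gz -C ~/app/
mv ~/app/logstash-6.3.0 ~/app/logstash
Adjust the JVM settings; my small server can't handle the defaults
/home/ubuntu/app/logstash/config/jvm.options
Edit logstash.yml to enable hot reloading of the custom configuration file
# Node name
node.name: logstash-01
# Pipeline id
pipeline.id: main
pipeline.ordered: auto
# Number of pipeline worker threads (filter + output); defaults to the number of CPU cores
# pipeline.workers: 2
# Location of the main pipeline file
# path.config:
# Automatically reload the pipeline configuration file
config.reload.automatic: true
# IP and port the HTTP API binds to
http.host: 127.0.0.1
http.port: 9201
# Logstash queue type: persisted; the default is memory
queue.type: persisted
In the /home/ubuntu/app/logstash/config directory, create a custom configuration file that listens on the log port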
input {
  tcp {
    # Logstash acts as the server
    mode => "server"
    # host => "localhost"
    # Listen on port 9101 to collect logs
    port => 9101
    # Codec
    codec => json_lines
  }
}
output {
  elasticsearch {
    # Elasticsearch address
    hosts => ["http://localhost:9200"]
    # Name of the index created in ES
    index => "app-search-log-collection-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
  stdout {
    codec => rubydebug
  }
}
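A way to check this tcp input before the Java application is wired in, as an added example that is not from the original post: it sends two constructed events in the newline-delimited JSON framing the json_lines codec expects, reusing the severity, service and rest field names from the logback pattern further down. It assumes Logstash is already running with this pipeline on the same machine; encode_event and send_events are names chosen for this example.

```python
import json
import socket

LOGSTASH_HOST = "127.0.0.1"  # assumption: Logstash runs on this machine
LOGSTASH_PORT = 9101         # port of the tcp input in the pipeline above


def encode_event(severity, service, message):
    """Serialize one event as a single JSON line (json_lines framing)."""
    event = {"severity": severity, "service": service, "rest": message}
    # json.dumps escapes CR/LF inside string values, so a message that
    # contains line breaks still travels as exactly one line, and Logstash
    # decodes it as one event instead of splitting it into several.
    return (json.dumps(event, ensure_ascii=False) + "\n").encode("utf-8")


def send_events(events, host=LOGSTASH_HOST, port=LOGSTASH_PORT, timeout=3.0):
    """Send already-encoded events over one TCP connection; return bytes sent."""
    payload = b"".join(events)
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(payload)
    return len(payload)


if __name__ == "__main__":
    sample = [  # constructed sample events
        encode_event("ERROR", "springcloud", "smoke test: plain message"),
        encode_event("ERROR", "springcloud", "smoke test: line one\nline two"),
    ]
    try:
        print("sent", send_events(sample), "bytes")
    except OSError as exc:
        print("could not reach the Logstash tcp input:", exc)
```

Both events should show up in the rubydebug stdout output and in the app-search-log-collection-* index; the second one confirms that a message containing a line break is stored as a single event.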
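Start Logstash with the specified configuration file
./bin/logstash -f ~/app/logstash/config/logstash-test.conf
# Start in the background with nohup
nohup /home/ubuntu/app/logstash/bin/logstash -f /home/ubuntu/app/logstash/config/logstash-test.conf &
Next, install Kibana to view the data stored in ES
Download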
https://www.elastic.co/cn/downloads/past-releases#kibana
Extract
tar -zxvf kibana-6.3.0-linux-x86_64.tar.gz -C ~/app/
mv ~/app/kibana-6.3.0-linux-x86_64 ~/app/kibana-6.3.0
Edit the configuration
server.port: 5601
# 0.0.0.0 makes Kibana listen on all network interfaces
server.host: "0.0.0.0"
elasticsearch.url: "http://localhost:9200"
i18n.defaultLocale: "zh-CN"
Start
/home/ubuntu/app/kibana-6.3.0/bin/kibana
# Start in the background
nohup ./kibana &
Integrating logback into the project
The project uses Lombok
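<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
</dependency>
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>6.3</version>
</dependency>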
The project's logback configuration
springcloud %date %level [%thread] %logger{36} [%file : %line] %msg%n ${logging.path}.%d{yyyy-MM-dd}.zip ERROR DENY ACCEPT %date %level [%thread] %logger{36} [%file : %line] %msg%n D:tomcatinfo.%d.log ${logging.path}.%d{yyyy-MM-dd}.zip ERROR %date %level [%thread] %logger{36} [%file : %line] %msg%n D:tomcaterror.%d.log ${logstash.host} ${logstash.port} 1048576 ERROR ACCEPT DENY UTC { "severity":"%level", "service": "%contextName", "pid": "${PID:-}", "thread": "%thread", "class": "%logger{40}", "rest": "%message->%ex{full}" }
Open Kibana (Kibana's IP plus the default port 5601) and take a look: the data is there, done.



