之前ELK的安装可以查看前面一篇博客
下面是我的logback的配置文件,通过logback的appender直接导入logstash
<?xml version="1.0" encoding="UTF-8"?> <configuration> <include resource="org/springframework/boot/logging/logback/base.xml" /> <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender"> <destination>127.0.0.1:4560</destination> <!-- 日志输出编码 --> <encoder charset="UTF-8" class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder"> <providers> <timestamp> <timeZone>UTC</timeZone> </timestamp> <pattern> <pattern> { "logLevel": "%level", "serviceName": "${springAppName:-}", "pid": "${PID:-}", "thread": "%thread", "class": "%logger{40}", "rest": "%message" } </pattern> </pattern> </providers> </encoder> </appender> <root level="INFO"> <appender-ref ref="LOGSTASH" /> <appender-ref ref="CONSOLE" /> </root> </configuration>
测试类
@RestController @SpringBootApplication public class LogstashApplication { Logger logger = LoggerFactory.getLogger(LogstashApplication.class); @GetMapping("test") public void test(){ logger.info("测试初始一些日志吧!"); } public static void main(String[] args) { SpringApplication.run(LogstashApplication.class, args); } }
然后打成jar包
修改配置文件
[root@topcheer logstash-6.2.3]# cat springboot.conf input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines } } output { elasticsearch { hosts => ["127.0.0.1:9200"] action => "index" index => "logstash_%{+YYYY.MM.dd}" } } [root@topcheer logstash-6.2.3]#
启动logstash
[root@topcheer logstash-6.2.3]# rm -rf nohup.out [root@topcheer logstash-6.2.3]# nohup bin/logstash -f springboot.conf & [1] 23253 [root@topcheer logstash-6.2.3]# nohup: 忽略输入并把输出追加到"nohup.out" [root@topcheer logstash-6.2.3]# lsof -i:4560
启动kibana
[root@topcheer kibana-6.2.3-linux-x86_64]# rm -rf nohup.out [root@topcheer kibana-6.2.3-linux-x86_64]# nohup bin/kibana & [2] 25071 [root@topcheer kibana-6.2.3-linux-x86_64]# nohup: 忽略输入并把输出追加到"nohup.out" [root@topcheer kibana-6.2.3-linux-x86_64]# ll 总用量 1164 drwxr-xr-x 2 wgr wgr 64 3月 13 2018 bin
运行jar包
查看监控页面