logstash与logback的集成,实现日志信息直接通过logstash发送到ES

配置logback-spring.xml

<!-- Line pattern: timestamp | MDC "tid" | thread | level | logger | message.
     Nothing in this snippet references it; the LOGSTASH appender below uses
     LogstashEncoder (JSON output), not a pattern layout. -->
<property name="CONSOLE_LOG_PATTERN" value="%d{yyyy-MM-dd HH:mm:ss.SSS}|%mdc{tid}|%thread|%level|%logger|%msg%n"/>

<!-- Ships every log event as JSON over a TCP connection to the Logstash tcp input.
     NOTE(review): no <ssl> element is configured, so events travel in cleartext and
     the receiving server is not authenticated. Log messages frequently carry tokens,
     identifiers or personal data; if the path to Logstash crosses a network you do
     not fully control, add <ssl> here together with the matching TLS settings on the
     Logstash tcp input. -->
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<!-- host:port of the Logstash tcp input; the port must match the one in the Logstash pipeline. -->
<destination>192.168.2.254:5044</destination>
<!-- Writes one JSON object per line, which is what the json_lines codec on the Logstash side reads. -->
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>

<!-- Everything at INFO and above is sent to LOGSTASH.
     NOTE(review): as shown, no console or file appender is attached to root, so there
     would be no local copy of events if Logstash is unreachable. Confirm against the
     full logback-spring.xml. -->
<root level="INFO">
<appender-ref ref="LOGSTASH"/>
</root>

配置logstash-xxx.conf

# Receives JSON log events sent by the Logback LogstashTcpSocketAppender.
input {
tcp {
mode => "server"
# NOTE(review): 0.0.0.0 listens on every interface, and this block configures
# neither TLS nor client authentication, so any host that can reach port 5044
# can submit events that are then indexed into Elasticsearch (log injection,
# index flooding). Bind to the interface the applications actually use and/or
# restrict the port with a firewall; enable the tcp input's TLS settings when
# the network is not trusted.
host => "0.0.0.0"
port => 5044
# One JSON document per newline-terminated line, matching LogstashEncoder's output.
codec => json_lines
}
}

output {
elasticsearch {
# Plain HTTP to a node on the same host, with no user/password set here.
# NOTE(review): this presumably relies on Elasticsearch security being disabled
# or anonymous access being allowed. If so, make sure port 9200 is not reachable
# from other hosts.
hosts => ["http://localhost:9200"]
# One index per day, named from the event timestamp; these indices are what the
# "xxx-logstash-*" pattern in logtrail.json selects.
index => "xxx-logstash-%{+YYYY.MM.dd}"
}
}

在 Kibana 中安装 logtrail 插件。logtrail 的版本需与 Kibana 版本对应(下面的示例对应 Kibana 7.6.2),对应版本的下载地址请在 https://github.com/sivasamyk/logtrail 获取

REM Downloads and installs the LogTrail 0.1.31 plugin build for Kibana 7.6.2.
REM NOTE(review): the archive is fetched and installed in one step with no integrity
REM check, and plugin code runs inside the Kibana server process. Consider downloading
REM the zip first, verifying it against a checksum obtained from a trusted source, and
REM then installing from the local file.
kibana-plugin.bat install https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-7.6.2-0.1.31.zip

logtrail.json配置

{
"version" : 2,
"index_patterns" : [
{
"es": {
"default_index": "xxx-logstash-*"
},
"tail_interval_in_seconds": 10,
"es_index_time_offset_in_seconds": 0,
"display_timezone": "local",
"display_timestamp_format": "YYYY-MM-DD HH:mm:ss",
"max_buckets": 500,
"default_time_range_in_days" : 0,
"max_hosts": 100,
"max_events_to_keep_in_viewer": 5000,
"default_search": "",
"fields" : {
"mapping" : {
"timestamp" : "@timestamp",
"hostname" : "host",
"message": "message"

},
"message_format": "{{{tid}}}|{{{level}}}|{{{logger_name}}}|{{{message}}}",
"keyword_suffix" : "keyword"
},
"color_mapping" : {
"field": "level",
"mapping": {
"ERROR": "#FF0000",
"WARN": "#FFEF96",
"DEBUG": "#B5E7A0",
"TRACE": "#CFE0E8",
"INFO": "#339999"
}
}
}
]
}