logstash与logback的集成,实现日志信息直接通过logstash发送到ES
配置logback-spring.xml
1 2 3 4 5 6 7 8 9 10
| <property name="CONSOLE_LOG_PATTERN" value="%d{yyyy-MM-dd HH:mm:ss.SSS}|%mdc{tid}|%thread|%level|%logger|%msg%n"/>
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender"> <destination>192.168.2.254:5044</destination> <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/> </appender>
<root level="INFO"> <appender-ref ref="LOGSTASH"/> </root>
|
配置logstash-xxx.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
| input { tcp { mode => "server" host => "0.0.0.0" port => 5044 codec => json_lines } }
output { elasticsearch { hosts => ["http://localhost:9200"] index => "xxx-logstash-%{+YYYY.MM.dd}" } }
|
kibana安装logtrail,logtrail对应版本地址请在 https://github.com/sivasamyk/logtrail 获取
1
| kibana-plugin.bat install https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-7.6.2-0.1.31.zip
|
logtrail.json配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
| { "version" : 2, "index_patterns" : [ { "es": { "default_index": "xxx-logstash-*" }, "tail_interval_in_seconds": 10, "es_index_time_offset_in_seconds": 0, "display_timezone": "local", "display_timestamp_format": "YYYY-MM-DD HH:mm:ss", "max_buckets": 500, "default_time_range_in_days" : 0, "max_hosts": 100, "max_events_to_keep_in_viewer": 5000, "default_search": "", "fields" : { "mapping" : { "timestamp" : "@timestamp", "hostname" : "host", "message": "message" }, "message_format": "{{{tid}}}|{{{level}}}|{{{logger_name}}}|{{{message}}}", "keyword_suffix" : "keyword" }, "color_mapping" : { "field": "level", "mapping": { "ERROR": "#FF0000", "WARN": "#FFEF96", "DEBUG": "#B5E7A0", "TRACE": "#CFE0E8", "INFO": "#339999" } } } ] }
|
最后更新时间: