
ELFK部署安装(六)-收集java日志

#配置filebeat去拉取es的日志

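# Write the Filebeat configuration: four log inputs and one Elasticsearch
# output that routes events to an index chosen by tag. The quoted 'EOF'
# stops the shell from expanding anything inside the YAML, so %{...} and
# ${...} reach the file literally.
cat >/etc/filebeat/filebeat.yml<<'EOF'
filebeat.inputs:
#################nginx#############
# Assumes access.log is written as one JSON object per line (the nginx
# log_format is configured elsewhere - confirm it uses escape=json).
# keys_under_root + overwrite_keys let decoded keys replace fields that
# Filebeat sets itself, and the access log carries client-controlled values
# (URI, User-Agent, ...), so unescaped output could break or forge fields.
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  # Mark lines that fail JSON decoding instead of shipping them unnoticed.
  json.add_error_key: true
  tags: ["access"]

- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]

#################tomcat#############
# Same JSON caveat as the nginx access log: the Tomcat access-log pattern
# must emit valid, escaped JSON for these options to be safe.
- type: log
  enabled: true
  paths:
    - /var/log/tomcat/localhost_access_log.*.txt
  json.keys_under_root: true
  json.overwrite_keys: true
  json.add_error_key: true
  tags: ["tomcat"]

#################es#############
# Multiline: a line that does NOT start with '[' is appended to the
# preceding line that does, so a Java stack trace stays one event.
- type: log
  enabled: true
  paths:
    - /var/log/elasticsearch/elasticsearch.log
  tags: ["es"]
  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after

#################output#############
# Kibana and Elasticsearch are addressed over plain HTTP with no
# credentials: anyone who can reach these ports can read or alter the
# shipped logs. Acceptable only on an isolated lab network.
setup.kibana:
  host: "192.168.2.197:5601"

output.elasticsearch:
  hosts: ["192.168.2.197:9200"]
  # With Elasticsearch security enabled, use TLS and a write-only account
  # (placeholders - take the password from the Filebeat keystore, never inline):
  # protocol: "https"
  # username: "<FILEBEAT_WRITER_USER>"
  # password: "${ES_PWD}"
  # ssl.certificate_authorities: ["<PATH_TO_CA_PEM>"]

  # The first rule whose condition matches decides the index.
  # beat.version is the Filebeat 6.x field name (7.x uses agent.version).
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "tomcat"
    - index: "es-java-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "es"

# Template loading is switched off (enabled: false), so overwrite: true is
# inert. If loading is ever re-enabled, note that "nginx-*" does not match
# the tomcat-* and es-* indices defined above.
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
EOF

# Validate the new file first; restart Filebeat only if it parses, so a YAML
# mistake does not silently stop log shipping.
filebeat test config -c /etc/filebeat/filebeat.yml && systemctl restart filebeat.service

# Restart Elasticsearch so that it writes fresh entries to its log
systemctl restart elasticsearch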

#新添加配置说明  
 multiline.pattern: '^\['  多行匹配模式,用正则表达式匹配以[开头的行:匹配上的行作为新事件的开始(之前缓存的内容发送给es),没匹配上的行先缓存
  multiline.negate: true    该参数意思是是否否定多行融入。这个参数比较复杂费解(我也不明白为啥elk会搞个这么复杂的负逻辑,没有人反馈过么),详细情况请见下面横图分析。简单说:negate为true时,不匹配pattern的行被当作续行。
  multiline.match: after    取值为after或before,该值与上面的pattern与negate值配合使用。negate: true 加 match: after 表示:不以[开头的行追加到上一条以[开头的行后面,合并成同一个事件。
  - index: "es-java-%{[beat.version]}-%{+yyyy.MM}"  新添加es的索引
  when.contains:                                     es判断语句
  tags: "es"                                         tags判断是es的话就把日志输入到索引es-java-%{[beat.version]}-%{+yyyy.MM}

#网页创建索引

#往es的日志文件手动追加日志(仅用于在测试环境验证多行合并;手工写入会改动服务的真实日志记录,生产环境不要这样做)

cat >>/var/log/elasticsearch/elasticsearch.log<<'EOF'
[2019-12-15T22:40:28,111]   测试日志
Exception in thread "main" SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]];
ry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterry=1910050816, xpack.installed=true,ry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master 
{node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-masterry=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {node-2}{-Iu1BdQSQImyKsIHwFJfbg}{Ky76BTudQeec-ljaeguMbw}{192.168.2.196}{192.168.2.196:9300}{ml.machine_memory=1910050816, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-master
测试日志
EOF
# Restart Elasticsearch
systemctl restart elasticsearch

#在网页检查
