一、logstash-7.10.2-linux-x86_64.tar.gz安装包下载
下载地址:https://www.elastic.co/cn/downloads/past-releases#logstash
二、logstash安装
1、将包logstash-7.10.2-linux-x86_64.tar.gz上传至服务器/data目录下,解压
tar xvf logstash-7.10.2-linux-x86_64.tar.gz
cd /data/logstash-7.10.2/config
cp logstash-sample.conf logstash.conf
vi logstash.conf
配置关键内容
input {
tcp {
port => 4560
codec => json_lines
}
}
output {
elasticsearch {
hosts => ["http://server12:9200","http://server13:9200","http://server14:9200"]
index => "%{[serverName]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "elastic123456"
}
}
filter {
date {
match => ["PARAM_date", "yyyy.MM.dd.HH.mm","UNIX_MS"]
target => "@timestamp"
}
ruby {
code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
}
ruby {
code => "event.set('@timestamp',event.get('timestamp'))"
}
mutate {
remove_field => ["timestamp"]
}
}
2、新建启动脚本,时间长了,命令容易忘记
cd /data/
chown -R es:es logstash-7.10.2
su - es
cd /data/logstash-7.10.2
vi mystart.sh
加入配置
/data/logstash-7.10.2/bin/logstash -f /data/logstash-7.10.2/config/logstash.conf &
启动
sh mystart.sh
3、开放端口4560
三、logback集成
1、加入maven依赖包
<!--logback开始-->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-access</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>net.logstash.log4j</groupId>
<artifactId>jsonevent-layout</artifactId>
<version>1.6</version>
</dependency>
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>5.0</version>
</dependency>
<!--logback结束-->
2、在resources目录下,新加logback.xml,关键配置如下:
<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false">
<!--定义日志文件的存储地址 勿在 LogBack 的配置中使用相对路径-->
<springProperty scope="context" name="logname" source="spring.application.name" />
<property name="LOG_HOME" value="../logs" />
<property name="LOG_NAME" value="shop-server" />
<property name="LOG_NAME" value="shop-server" />
<!-- 控制台输出 -->
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<!--格式化输出:%d表示日期,%thread表示线程名,%-5level:级别从左显示5个字符宽度%msg:日志消息,%n是换行符-->
<pattern>[%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{50}%line] %msg%n</pattern>
</encoder>
</appender>
<!-- 按照每天生成日志文件 -->
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!--日志文件输出的文件名-->
<FileNamePattern>${LOG_HOME}/log-${LOG_NAME}-%d{yyyy-MM-dd}.log</FileNamePattern>
<!--日志文件保留天数-->
<MaxHistory>30</MaxHistory>
</rollingPolicy>
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<!--格式化输出:%d表示日期,%thread表示线程名,%-5level:级别从左显示5个字符宽度%msg:日志消息,%n是换行符-->
<pattern>[%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{50}%line] %msg%n</pattern>
</encoder>
<!--日志文件最大的大小-->
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>10MB</MaxFileSize>
</triggeringPolicy>
</appender>
<appender name="LOGSTASH"
class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>ip地址:4560</destination>
<!-- encoder必须配置,有多种可选 -->
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder">
<customFields>{"serverName":"${logname}"}</customFields>
</encoder>
</appender>
<!-- 日志输出级别 -->
<root level="INFO">
<appender-ref ref="STDOUT" />
<appender-ref ref="LOGSTASH" />
<appender-ref ref="FILE" />
</root>
<!--
<logger name="org.hibernate.engine.QueryParameters" level="DEBUG"/>
<logger name="org.hibernate.engine.query.HQLQueryPlan" level="DEBUG"/>
<logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="TRACE"/>
-->
</configuration>
专注JAVA系统优化、系统结构调整、系统问题排查医治、系统升级、架构设计、SQL语句优化、小程序、APP、企业应用软件开发,请 + hekf888,欢迎关注,时常发布技术分享博文