Logstash配置

1、首先在 Logstach_HOME 目录中创建一个配置文件,名为 logstash.conf(名字任意)

在logstash.conf配置文件中添加如下配置:

input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 9600
    codec => json_lines
  }
}

output {
    elasticsearch {
        hosts => "192.168.192.11:9200"
        index => "syslog-%{+YYYY.MM.dd}"
    }
}

2、启动logstash

bin/logstash -f logstash.conf

整合SpringBoot项目

1、创建springboot项目,并在pom.xml中添加如下依赖:

<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>5.3</version>
</dependency>

2、在resources目录下创建logback.xml文件,配置如下:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <include resource="org/springframework/boot/logging/logback/base.xml" />

    <!--从application.yml配置中加载spring.application.name属性-->
    <springProperty scope="context" name="springAppName" source="spring.application.name"/>

    <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <destination>192.168.192.11:9600</destination>
        <!-- 日志输出编码 -->
        <encoder charset="UTF-8"
                 class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
            <providers>
                <timestamp>
                    <timeZone>UTC</timeZone>
                </timestamp>
                <pattern>
                    <pattern>
                        {
                        "logLevel": "%level",
                        "serviceName": "${springAppName:-}",
                        "pid": "${PID:-}",
                        "thread": "%thread",
                        "class": "%logger{40}",
                        "rest": "%message"
                        }
                    </pattern>
                </pattern>
            </providers>
        </encoder>
    </appender>

    <root level="INFO">
        <appender-ref ref="LOGSTASH" />
        <appender-ref ref="CONSOLE" />
    </root>

</configuration>

3、在项目接口中添加log日志

 @GetMapping("test")
    public void test(){
        logger.info("测试初始一些日志吧!");
}

4、测试

分别启动Elasticsearch、Kibana、Logstash

打开kibana管理页面,添加刚刚创建的索引,如图所示:

kibana-index.png
kibana-index2.png

接下来在浏览器多次调用test接口

然后进入发现页,选择刚刚的索引,如下所示:

kibana-find.png

此时说明日志信息已经存储到Elasticsearch当中,并且可以用过Kibaba实现展示与查询