收集JAVA格式日志

1 查看Java格式日志

elasticsearch属于Java日志,可以收集elasticsearch作为Java日志范本

[root@node3 ~]# tail -f /usr/local/elasticsearch/logs/my-elktest-cluster.log

[2020-01-19T01:57:18,496][INFO ][o.e.t.TransportService   ] [node-3] publish_address {192.168.132.133:9300}, bound_addresses {[::]:9300}

[2020-01-19T01:57:18,506][INFO ][o.e.b.BootstrapChecks    ] [node-3] bound or publishing to a non-loopback address, enforcing bootstrap checks

[2020-01-19T01:57:18,531][INFO ][o.e.c.c.Coordinator      ] [node-3] cluster UUID [4xt-ZTijTz2oTnlz1gMFjg]

[2020-01-19T01:57:19,195][INFO ][o.e.c.s.ClusterApplierService] [node-3] master node changed {previous [], current [{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}]}, added {{node-1}{KupGTMgUTTmp3poPa9iYdQ}{9vTQ4MQfRgqkB_gv4Jyp_A}{192.168.132.131}{192.168.132.131:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},}, term: 705, version: 875, reason: ApplyCommitRequest{term=705, version=875, sourceNode={node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}}

2 直接使用filebeat收集

直接配置,使用filebeat收集

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

3 错误日志显示不清晰

但是错误信息分开显示

[2020-01-19T01:55:48,077][WARN ][o.e.c.NodeConnectionsService] [node-3] failed to connect to {node-2}{9qVjdVSvSAGlZ7lpB9O78g}{aFwQRTD4TWKE97npXNwSVg}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true} (tried [1] times)

org.elasticsearch.transport.ConnectTransportException: [node-2][192.168.132.132:9300] connect_exception

        at org.elasticsearch.transport.TcpTransport$ChannelsConnectedListener.onFailure(TcpTransport.java:976) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.action.ActionListener.lambda$toBiConsumer$3(ActionListener.java:161) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.common.concurrent.CompletableContext.lambda$addListener$0(CompletableContext.java:42) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859) ~[?:?]

        at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837) ~[?:?]

        at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) ~[?:?]

        at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2159) ~[?:?]

        at org.elasticsearch.common.concurrent.CompletableContext.completeExceptionally(CompletableContext.java:57) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at org.elasticsearch.transport.netty4.Netty4TcpChannel.lambda$addListener$0(Netty4TcpChannel.java:68) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:500) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:493) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:472) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:413) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:538) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:531) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:111) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.fulfillConnectPromise(AbstractNioChannel.java:323) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:339) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:685) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:597) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:551) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:511) ~[?:?]

Caused by: java.net.ConnectException: Connection refused

        at sun.nio.ch.Net.pollConnect(Native Method) ~[?:?]

        at sun.nio.ch.Net.pollConnectNow(Net.java:579) ~[?:?]

        at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:820) ~[?:?]

        at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:336) ~[?:?]

        ... 7 more

[2020-01-19T01:55:49,727][INFO ][o.e.n.Node               ] [node-3] stopping ...

这是一段错误日志,需要单独收集

4 配置filebat的多行匹配

以时间作为标识,再读取一个时间标记之后,先缓存,当读到下一个时间标记,再整个发送日志,相当于多行匹配

官方文档:https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

multiline.pattern: '^\['

multiline.negate: true

multiline.match: after

配置filebeat

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

  multiline.pattern: '^\['

  multiline.negate: true

  multiline.match: "after"

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

5 生成错误日志

然后修改配置文件,重启产生错误日志

到kibana查看,错误日志一起显示

收集Java日志,配置完成

ELK学习实验017:filebeat收集java日志的更多相关文章

  1. ELK学习实验006:Nginx的日志分析系统之filebeat配置

    一 Filebeat工作原理 Filebeat由两个主要组件组成: prospector和 harvester 1.1 harvester 负责读取单个文件的内容 如果文件在读取时被制除或重命名, F ...

  2. ELK学习实验007:Nginx的日志分析系统之Metribeat配置

    一 Metricbeat 简介 1.1 系统级监控,更简洁将 Metricbeat 部署到您的所有 Linux.Windows 和 Mac 主机,并将它连接到 Elasticsearch 就大功告成了 ...

  3. ELK学习实验018:filebeat收集docker日志

    Filebeat收集Docker日志 1 安装docker [root@node4 ~]# yum install -y yum-utils device-mapper-persistent-data ...

  4. ELK学习实验016:filebeat收集tomcat日志

    filebeat收集tomcat日志 1 安装tomcat [root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-weba ...

  5. ELK学习实验014:Nginx日志JSON格式收集

    1 Kibana的显示配置 https://demo.elastic.co/app/kibana#/dashboard/welcome_dashboard 环境先处理干净 安装nginx和httpd- ...

  6. 第六章·Logstash深入-收集java日志

    1.通过Logstash收集java日志并输出到ES中 因为我们现在需要用Logstash收集tomcat日志,所以我们暂时将tomcat安装到Logstash所在机器,也就是db03:10.0.0. ...

  7. Kubernetes部署ELK并使用Filebeat收集容器日志

    本文的试验环境为CentOS 7.3,Kubernetes集群为1.11.2,安装步骤参见kubeadm安装kubernetes V1.11.1 集群 1. 环境准备 Elasticsearch运行时 ...

  8. ELK之使用filebeat收集java运行日志

    安装filebeat修改配置文件/etc/filebeat/filebeat.yml filebeat.prospectors: - type: log enabled: true #日志路径 pat ...

  9. ELK之filebeat收集多类型日志

    1.IP规划 10.0.0.33:filebeat+tomcat,filebeat收集系统日志.tomcat日志发送到logstash 10.0.0.32:logstash,将日志写入reids(in ...

随机推荐

  1. python进阶(7)--文件与异常

    一.文件读取二.文件写入三.异常四.存储数据 ---------------------------------------分割线:正文-------------------------------- ...

  2. Oracle-DG 主库将log_archive_dest_state_2远程归档线程参数设置为defer,为什么dg还是处于实时同步状态?

    一.需求,前段时间,墨天伦有个小伙伴咨询了这个问题,搞了测试环境测试下. Oracle-DG 主库将log_archive_dest_state_2远程归档线程参数设置为defer,为什么dg还是处于 ...

  3. 《图解HTTP》部分章节学习笔记整理

    简介 此笔记为<图解HTTP>中部分章节的学习笔记. 目录 第1章 了解Web及网络基础 第2章 简单的HTTP协议 第4章 返回结果的HTTP状态码 第7章 确保web安全的HTTPS

  4. mac系统 php 7.2安装memcache扩展

    memcache的安装 下载地址:https://github.com/websupport-sk/pecl-memcache/archive/php7.zip wget https://github ...

  5. 【SpringMVC配置失效】Springboot2.x拦截器配置不无生效

    一.环境 maven springboot版本2.x <parent> <groupId>org.springframework.boot</groupId> &l ...

  6. PAT 乙级 -- 1011 -- A+B和C

    问题简述 给定区间[-231, 231]内的3个整数A.B和C,请判断A+B是否大于C. 输入格式: 输入第1行给出正整数T(<=10),是测试用例的个数.随后给出T组测试用例,每组占一行,顺序 ...

  7. 6.PHP与JavaScript交互

    PHP与JS交互 JS年闰年判断(body里直接引用JS) <form name="form1" method="post" action="& ...

  8. Windows核心编程 第十四章 虚拟内存

    第1 4章 虚 拟 内 存 <这一章没啥,是说的几个内存相关的函数 > 14.1 系统信息 许多操作系统的值是根据主机而定的,比如页面的大小,分配粒度的大小等.这些值决不应该用硬编码的形式 ...

  9. Windows PE变形练手1-用PE自己的机器码修改自己的逻辑

    PE变形练手1-用PE自己的机器码修改自己的逻辑 就是找一个PE文件,用自己的部分代码部分覆盖或者而修改自己另一个代码部分的补丁姿势(现实中使用很少,极少数破解可以用到.这次例子目的是了解PE). 第 ...

  10. JVM虚拟机-了解Java堆中对象分配、布局和访问的全过程

    目录 前言 对象的创建 类加载检查 分配内存 内存空间分配方式 指针碰撞 空闲列表 并发时的内存分配 同步处理:CAS 本地线程分配缓冲:TLAB 初始化零值 设置对象头 执行 init 方法 对象的 ...