收集JAVA格式日志

1 查看Java格式日志

elasticsearch属于Java日志,可以收集elasticsearch作为Java日志范本

[root@node3 ~]# tail -f /usr/local/elasticsearch/logs/my-elktest-cluster.log

[2020-01-19T01:57:18,496][INFO ][o.e.t.TransportService   ] [node-3] publish_address {192.168.132.133:9300}, bound_addresses {[::]:9300}

[2020-01-19T01:57:18,506][INFO ][o.e.b.BootstrapChecks    ] [node-3] bound or publishing to a non-loopback address, enforcing bootstrap checks

[2020-01-19T01:57:18,531][INFO ][o.e.c.c.Coordinator      ] [node-3] cluster UUID [4xt-ZTijTz2oTnlz1gMFjg]

[2020-01-19T01:57:19,195][INFO ][o.e.c.s.ClusterApplierService] [node-3] master node changed {previous [], current [{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}]}, added {{node-1}{KupGTMgUTTmp3poPa9iYdQ}{9vTQ4MQfRgqkB_gv4Jyp_A}{192.168.132.131}{192.168.132.131:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},}, term: 705, version: 875, reason: ApplyCommitRequest{term=705, version=875, sourceNode={node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}}

2 直接使用filebeat收集

直接配置,使用filebeat收集

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

3 错误日志显示不清晰

但是错误信息分开显示

[2020-01-19T01:55:48,077][WARN ][o.e.c.NodeConnectionsService] [node-3] failed to connect to {node-2}{9qVjdVSvSAGlZ7lpB9O78g}{aFwQRTD4TWKE97npXNwSVg}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true} (tried [1] times)

org.elasticsearch.transport.ConnectTransportException: [node-2][192.168.132.132:9300] connect_exception

        at org.elasticsearch.transport.TcpTransport$ChannelsConnectedListener.onFailure(TcpTransport.java:976) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.action.ActionListener.lambda$toBiConsumer$3(ActionListener.java:161) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.common.concurrent.CompletableContext.lambda$addListener$0(CompletableContext.java:42) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859) ~[?:?]

        at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837) ~[?:?]

        at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) ~[?:?]

        at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2159) ~[?:?]

        at org.elasticsearch.common.concurrent.CompletableContext.completeExceptionally(CompletableContext.java:57) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at org.elasticsearch.transport.netty4.Netty4TcpChannel.lambda$addListener$0(Netty4TcpChannel.java:68) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:500) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:493) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:472) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:413) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:538) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:531) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:111) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.fulfillConnectPromise(AbstractNioChannel.java:323) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:339) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:685) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:597) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:551) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:511) ~[?:?]

Caused by: java.net.ConnectException: Connection refused

        at sun.nio.ch.Net.pollConnect(Native Method) ~[?:?]

        at sun.nio.ch.Net.pollConnectNow(Net.java:579) ~[?:?]

        at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:820) ~[?:?]

        at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:336) ~[?:?]

        ... 7 more

[2020-01-19T01:55:49,727][INFO ][o.e.n.Node               ] [node-3] stopping ...

这是一段错误日志,需要单独收集

4 配置filebat的多行匹配

以时间作为标识,再读取一个时间标记之后,先缓存,当读到下一个时间标记,再整个发送日志,相当于多行匹配

官方文档:https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

multiline.pattern: '^\['

multiline.negate: true

multiline.match: after

配置filebeat

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

  multiline.pattern: '^\['

  multiline.negate: true

  multiline.match: "after"

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

5 生成错误日志

然后修改配置文件,重启产生错误日志

到kibana查看,错误日志一起显示

收集Java日志,配置完成

ELK学习实验017:filebeat收集java日志的更多相关文章

  1. ELK学习实验006:Nginx的日志分析系统之filebeat配置

    一 Filebeat工作原理 Filebeat由两个主要组件组成: prospector和 harvester 1.1 harvester 负责读取单个文件的内容 如果文件在读取时被制除或重命名, F ...

  2. ELK学习实验007:Nginx的日志分析系统之Metribeat配置

    一 Metricbeat 简介 1.1 系统级监控,更简洁将 Metricbeat 部署到您的所有 Linux.Windows 和 Mac 主机,并将它连接到 Elasticsearch 就大功告成了 ...

  3. ELK学习实验018:filebeat收集docker日志

    Filebeat收集Docker日志 1 安装docker [root@node4 ~]# yum install -y yum-utils device-mapper-persistent-data ...

  4. ELK学习实验016:filebeat收集tomcat日志

    filebeat收集tomcat日志 1 安装tomcat [root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-weba ...

  5. ELK学习实验014:Nginx日志JSON格式收集

    1 Kibana的显示配置 https://demo.elastic.co/app/kibana#/dashboard/welcome_dashboard 环境先处理干净 安装nginx和httpd- ...

  6. 第六章·Logstash深入-收集java日志

    1.通过Logstash收集java日志并输出到ES中 因为我们现在需要用Logstash收集tomcat日志,所以我们暂时将tomcat安装到Logstash所在机器,也就是db03:10.0.0. ...

  7. Kubernetes部署ELK并使用Filebeat收集容器日志

    本文的试验环境为CentOS 7.3,Kubernetes集群为1.11.2,安装步骤参见kubeadm安装kubernetes V1.11.1 集群 1. 环境准备 Elasticsearch运行时 ...

  8. ELK之使用filebeat收集java运行日志

    安装filebeat修改配置文件/etc/filebeat/filebeat.yml filebeat.prospectors: - type: log enabled: true #日志路径 pat ...

  9. ELK之filebeat收集多类型日志

    1.IP规划 10.0.0.33:filebeat+tomcat,filebeat收集系统日志.tomcat日志发送到logstash 10.0.0.32:logstash,将日志写入reids(in ...

随机推荐

  1. mysql 遇到的问题

    1) 客户端(Navicat)远程登录操作再遇问题1142-create command denied to user×××的解决GRANT SELECT,INSERT,UPDATE,DELETE,C ...

  2. 多图详解 TCP 连接管理,太全了!!!

    TCP 是一种面向连接的单播协议,在 TCP 中,并不存在多播.广播的这种行为,因为 TCP 报文段中能明确发送方和接受方的 IP 地址. 在发送数据前,相互通信的双方(即发送方和接受方)需要建立一条 ...

  3. 【全网首发】鸿蒙开源三方组件--跨平台自适应布局yoga组件

    目录: 1.介绍 2.如何使用 3.集成方式 4.附录1:FlexBox科普 5.附录2:相关资料 介绍 yoga是facebook打造的一个跨IOS.Android.Window平台在内的布局引擎, ...

  4. 【秒懂音视频开发】18_详解YUV

    本文的主角是多媒体领域非常重要的一个概念:YUV. 简介 YUV,是一种颜色编码方法,跟RGB是同一个级别的概念,广泛应用于多媒体领域中. 也就是说,图像中每1个像素的颜色信息,除了可以用RGB的方式 ...

  5. k8s 安装 rabbitMQ 单机版

    rabbitMQ docker镜像使用rabbitmq:3.8-management service.yaml文件 apiVersion: v1 kind: Service metadata: nam ...

  6. Vue.js入门及其常用指令

    一.Vue框架 https://cn.vuejs.org/ 官网 前端领域有三大框架 Angular诞生于2009年,是由谷歌公司创建出来的框架: React诞生于2013年,是由facebook公司 ...

  7. PE文件附加数据感染之Worm.Win32.Agent.ayd病毒分析

    一.基本信息 样本名称:1q8JRgwDeGMofs.exe 病毒名称:Worm.Win32.Agent.ayd 文件大小:165384 字节 文件MD5:7EF5D0028997CB7DD3484A ...

  8. 缓冲区溢出分析第06课:W32Dasm缓冲区溢出分析

    漏洞报告分析 学习过破解的朋友一定听说过W32Dasm这款逆向分析工具.它是一个静态反汇编工具,在IDA Pro流行之前,是破解界人士必然要学会使用的工具之一,它也被比作破解界的"屠龙刀&q ...

  9. POJ2239简单二分匹配

    题意:       一周有7天,每天可以上12节课,现在给你每科课的上课时间,问你一周最多可以上几科课,一科课只要上一节就行了. 思路:       简单题目,直接二分就行了,好久没写二分匹配了,练习 ...

  10. 【vue-05】vue-cli

    Vue-router官网 安装 vue-router是一个插件包,所以我们还是需要用npm 来进行安装.打开命令行工具,进入你的项目目录,输入下面命令. npm install vue-router ...