收集JAVA格式日志

1 查看Java格式日志

elasticsearch属于Java日志,可以收集elasticsearch作为Java日志范本

[root@node3 ~]# tail -f /usr/local/elasticsearch/logs/my-elktest-cluster.log

[2020-01-19T01:57:18,496][INFO ][o.e.t.TransportService   ] [node-3] publish_address {192.168.132.133:9300}, bound_addresses {[::]:9300}

[2020-01-19T01:57:18,506][INFO ][o.e.b.BootstrapChecks    ] [node-3] bound or publishing to a non-loopback address, enforcing bootstrap checks

[2020-01-19T01:57:18,531][INFO ][o.e.c.c.Coordinator      ] [node-3] cluster UUID [4xt-ZTijTz2oTnlz1gMFjg]

[2020-01-19T01:57:19,195][INFO ][o.e.c.s.ClusterApplierService] [node-3] master node changed {previous [], current [{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}]}, added {{node-1}{KupGTMgUTTmp3poPa9iYdQ}{9vTQ4MQfRgqkB_gv4Jyp_A}{192.168.132.131}{192.168.132.131:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},}, term: 705, version: 875, reason: ApplyCommitRequest{term=705, version=875, sourceNode={node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}}

2 直接使用filebeat收集

直接配置,使用filebeat收集

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

3 错误日志显示不清晰

但是错误信息分开显示

[2020-01-19T01:55:48,077][WARN ][o.e.c.NodeConnectionsService] [node-3] failed to connect to {node-2}{9qVjdVSvSAGlZ7lpB9O78g}{aFwQRTD4TWKE97npXNwSVg}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true} (tried [1] times)

org.elasticsearch.transport.ConnectTransportException: [node-2][192.168.132.132:9300] connect_exception

        at org.elasticsearch.transport.TcpTransport$ChannelsConnectedListener.onFailure(TcpTransport.java:976) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.action.ActionListener.lambda$toBiConsumer$3(ActionListener.java:161) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.common.concurrent.CompletableContext.lambda$addListener$0(CompletableContext.java:42) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859) ~[?:?]

        at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837) ~[?:?]

        at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) ~[?:?]

        at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2159) ~[?:?]

        at org.elasticsearch.common.concurrent.CompletableContext.completeExceptionally(CompletableContext.java:57) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at org.elasticsearch.transport.netty4.Netty4TcpChannel.lambda$addListener$0(Netty4TcpChannel.java:68) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:500) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:493) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:472) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:413) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:538) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:531) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:111) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.fulfillConnectPromise(AbstractNioChannel.java:323) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:339) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:685) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:597) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:551) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:511) ~[?:?]

Caused by: java.net.ConnectException: Connection refused

        at sun.nio.ch.Net.pollConnect(Native Method) ~[?:?]

        at sun.nio.ch.Net.pollConnectNow(Net.java:579) ~[?:?]

        at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:820) ~[?:?]

        at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:336) ~[?:?]

        ... 7 more

[2020-01-19T01:55:49,727][INFO ][o.e.n.Node               ] [node-3] stopping ...

这是一段错误日志,需要单独收集

4 配置filebat的多行匹配

以时间作为标识,再读取一个时间标记之后,先缓存,当读到下一个时间标记,再整个发送日志,相当于多行匹配

官方文档:https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

multiline.pattern: '^\['

multiline.negate: true

multiline.match: after

配置filebeat

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

  multiline.pattern: '^\['

  multiline.negate: true

  multiline.match: "after"

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

5 生成错误日志

然后修改配置文件,重启产生错误日志

到kibana查看,错误日志一起显示

收集Java日志,配置完成

ELK学习实验017:filebeat收集java日志的更多相关文章

  1. ELK学习实验006:Nginx的日志分析系统之filebeat配置

    一 Filebeat工作原理 Filebeat由两个主要组件组成: prospector和 harvester 1.1 harvester 负责读取单个文件的内容 如果文件在读取时被制除或重命名, F ...

  2. ELK学习实验007:Nginx的日志分析系统之Metribeat配置

    一 Metricbeat 简介 1.1 系统级监控,更简洁将 Metricbeat 部署到您的所有 Linux.Windows 和 Mac 主机,并将它连接到 Elasticsearch 就大功告成了 ...

  3. ELK学习实验018:filebeat收集docker日志

    Filebeat收集Docker日志 1 安装docker [root@node4 ~]# yum install -y yum-utils device-mapper-persistent-data ...

  4. ELK学习实验016:filebeat收集tomcat日志

    filebeat收集tomcat日志 1 安装tomcat [root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-weba ...

  5. ELK学习实验014:Nginx日志JSON格式收集

    1 Kibana的显示配置 https://demo.elastic.co/app/kibana#/dashboard/welcome_dashboard 环境先处理干净 安装nginx和httpd- ...

  6. 第六章·Logstash深入-收集java日志

    1.通过Logstash收集java日志并输出到ES中 因为我们现在需要用Logstash收集tomcat日志,所以我们暂时将tomcat安装到Logstash所在机器,也就是db03:10.0.0. ...

  7. Kubernetes部署ELK并使用Filebeat收集容器日志

    本文的试验环境为CentOS 7.3,Kubernetes集群为1.11.2,安装步骤参见kubeadm安装kubernetes V1.11.1 集群 1. 环境准备 Elasticsearch运行时 ...

  8. ELK之使用filebeat收集java运行日志

    安装filebeat修改配置文件/etc/filebeat/filebeat.yml filebeat.prospectors: - type: log enabled: true #日志路径 pat ...

  9. ELK之filebeat收集多类型日志

    1.IP规划 10.0.0.33:filebeat+tomcat,filebeat收集系统日志.tomcat日志发送到logstash 10.0.0.32:logstash,将日志写入reids(in ...

随机推荐

  1. 从wav到Ogg Opus 以及使用java解码OPUS

    PCM 自然界中的声音非常复杂,波形极其复杂,通常我们采用的是脉冲代码调制编码,即PCM编码.PCM通过抽样.量化.编码三个步骤将连续变化的模拟信号转换为数字编码. 采样率 采样频率,也称为采样速度或 ...

  2. java面试一日一题:如何优化sql

    问题:请讲下在mysql下如何优化sql 分析:该问题主要考察对mysql的优化,重点考虑对索引优化的掌握. 回答要点: 主要从以下几点去考虑, 1.什么样的sql需要优化? 2.怎么对sql进行优化 ...

  3. 2021软工-调研作业-Notion

    2021软工-调研作业-Notion 项目 内容 这个作业属于哪个课程 2021春季计算机学院软件工程(罗杰 任健) 这个作业的要求在哪里 案例分析作业要求 我在这个课程的目标是 学习软件开发的工业化 ...

  4. 树莓派WIFI

    树莓派WIFI设置 在"开始使用树莓派"中,我们在boot根目录下创wpa_supplicant.conf文件,实现了第一次连接wifi.以后开机后,树莓派会自动连接那个wifi. ...

  5. 铁人三项(第五赛区)_2018_seven

    铁人三项(第五赛区)_2018_seven 先来看看保护 保护全开,IDA分析 首先申请了mmap两个随机地址的空间,一个为rwx,一个为rw 读入的都shellcode长度小于等于7,且这7个字符不 ...

  6. MQ 入门实践

    MQ Message Queue,消息队列,FIFO 结构. 例如电商平台,在用户支付订单后执行对应的操作: 优点: 异步 削峰 解耦 缺点 增加系统复杂性 数据一致性 可用性 JMS Java Me ...

  7. JVM经典垃圾收集器

      这个关系不是一成不变的,由于维护和兼容性测试的成本,在JDK 8时将Serial+CMS. ParNew+Serial Old这两个组合声明为废弃(JEP 173),并在JDK 9中完全取消了这些 ...

  8. jira 改变issue状态触发jenkins构建/发布

    目录 jira中issue状态的改变触发Jenkins构建 jira中定制新的workflow,作为jenkins发布使用流程 大家可以参考我的这个workflow 设置workflow 使用Tran ...

  9. 【故障公告】数据库服务器 CPU 100% 引发网站故障

    悄悄地它又突然来了 -- 数据库服务器 CPU 100% 问题,上次光临时间是 3-30 8:48,这次是 4-28 9:41. 这次我们做出了快速反应,发现后立即进行主备切换,这次一次切换成功,CP ...

  10. 听说你买的基金又“绿了”,手把手教你用 Python选出好基金

    打工人打工魂打工都是人上人,红基金绿基金绿了又绿你基金.今天教大家一招不再被(基金)绿. 01 开发环境 Windows10 Python3 Pycharm 一些必要的库 02 步骤 1. 获取基金排 ...