收集JAVA格式日志

1 查看Java格式日志

elasticsearch属于Java日志,可以收集elasticsearch作为Java日志范本

[root@node3 ~]# tail -f /usr/local/elasticsearch/logs/my-elktest-cluster.log

[2020-01-19T01:57:18,496][INFO ][o.e.t.TransportService   ] [node-3] publish_address {192.168.132.133:9300}, bound_addresses {[::]:9300}

[2020-01-19T01:57:18,506][INFO ][o.e.b.BootstrapChecks    ] [node-3] bound or publishing to a non-loopback address, enforcing bootstrap checks

[2020-01-19T01:57:18,531][INFO ][o.e.c.c.Coordinator      ] [node-3] cluster UUID [4xt-ZTijTz2oTnlz1gMFjg]

[2020-01-19T01:57:19,195][INFO ][o.e.c.s.ClusterApplierService] [node-3] master node changed {previous [], current [{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}]}, added {{node-1}{KupGTMgUTTmp3poPa9iYdQ}{9vTQ4MQfRgqkB_gv4Jyp_A}{192.168.132.131}{192.168.132.131:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},{node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true},}, term: 705, version: 875, reason: ApplyCommitRequest{term=705, version=875, sourceNode={node-2}{9qVjdVSvSAGlZ7lpB9O78g}{m9_mEscHTMKQ0VwFt9YHog}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true}}

2 直接使用filebeat收集

直接配置,使用filebeat收集

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

3 错误日志显示不清晰

但是错误信息分开显示

[2020-01-19T01:55:48,077][WARN ][o.e.c.NodeConnectionsService] [node-3] failed to connect to {node-2}{9qVjdVSvSAGlZ7lpB9O78g}{aFwQRTD4TWKE97npXNwSVg}{192.168.132.132}{192.168.132.132:9300}{dilm}{ml.machine_memory=1907953664, ml.max_open_jobs=20, xpack.installed=true} (tried [1] times)

org.elasticsearch.transport.ConnectTransportException: [node-2][192.168.132.132:9300] connect_exception

        at org.elasticsearch.transport.TcpTransport$ChannelsConnectedListener.onFailure(TcpTransport.java:976) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.action.ActionListener.lambda$toBiConsumer$3(ActionListener.java:161) ~[elasticsearch-7.4.2.jar:7.4.2]

        at org.elasticsearch.common.concurrent.CompletableContext.lambda$addListener$0(CompletableContext.java:42) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859) ~[?:?]

        at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837) ~[?:?]

        at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) ~[?:?]

        at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2159) ~[?:?]

        at org.elasticsearch.common.concurrent.CompletableContext.completeExceptionally(CompletableContext.java:57) ~[elasticsearch-core-7.4.2.jar:7.4.2]

        at org.elasticsearch.transport.netty4.Netty4TcpChannel.lambda$addListener$0(Netty4TcpChannel.java:68) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:500) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:493) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:472) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:413) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:538) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:531) ~[?:?]

        at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:111) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.fulfillConnectPromise(AbstractNioChannel.java:323) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:339) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:685) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:597) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:551) ~[?:?]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:511) ~[?:?]

Caused by: java.net.ConnectException: Connection refused

        at sun.nio.ch.Net.pollConnect(Native Method) ~[?:?]

        at sun.nio.ch.Net.pollConnectNow(Net.java:579) ~[?:?]

        at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:820) ~[?:?]

        at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327) ~[?:?]

        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:336) ~[?:?]

        ... 7 more

[2020-01-19T01:55:49,727][INFO ][o.e.n.Node               ] [node-3] stopping ...

这是一段错误日志,需要单独收集

4 配置filebat的多行匹配

以时间作为标识,再读取一个时间标记之后,先缓存,当读到下一个时间标记,再整个发送日志,相当于多行匹配

官方文档:https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

multiline.pattern: '^\['

multiline.negate: true

multiline.match: after

配置filebeat

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /var/log/tomcat/localhost_access_log.*.txt

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["tomcat"]

#####################################################

## tomcat  log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/elasticsearch/logs/my-elktest-cluster.log

  tags: ["es-java"]

  multiline.pattern: '^\['

  multiline.negate: true

  multiline.match: "after"

#####################################################

## Output

#####################################################

setup.kibana:

  host: "192.168.132.131:5601"

output.elasticsearch:

  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]

  #index: "nginx-%{[agent.version]}-%{+yyyy.MM.dd}"

  indices:

    - index: "access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "access"

    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "error"

    - index: "tomcat-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "tomcat"

    - index: "javaes-access-%{[agent.version]}-%{+yyyy.MM.dd}"

      when.contains:

        tags: "es-java"

setup.template.name: "nginx"

setup.template.pattern: "nginx-*"

setup.template.overwrite: true

setup.template.enabled: true

setup.ilm.enabled: false

[root@node3 ~]# systemctl restart filebeat

5 生成错误日志

然后修改配置文件,重启产生错误日志

到kibana查看,错误日志一起显示

收集Java日志,配置完成

ELK学习实验017:filebeat收集java日志的更多相关文章

  1. ELK学习实验006:Nginx的日志分析系统之filebeat配置

    一 Filebeat工作原理 Filebeat由两个主要组件组成: prospector和 harvester 1.1 harvester 负责读取单个文件的内容 如果文件在读取时被制除或重命名, F ...

  2. ELK学习实验007:Nginx的日志分析系统之Metribeat配置

    一 Metricbeat 简介 1.1 系统级监控,更简洁将 Metricbeat 部署到您的所有 Linux.Windows 和 Mac 主机,并将它连接到 Elasticsearch 就大功告成了 ...

  3. ELK学习实验018:filebeat收集docker日志

    Filebeat收集Docker日志 1 安装docker [root@node4 ~]# yum install -y yum-utils device-mapper-persistent-data ...

  4. ELK学习实验016:filebeat收集tomcat日志

    filebeat收集tomcat日志 1 安装tomcat [root@node4 ~]# yum -y install tomcat tomcat-webapps tomcat-admin-weba ...

  5. ELK学习实验014:Nginx日志JSON格式收集

    1 Kibana的显示配置 https://demo.elastic.co/app/kibana#/dashboard/welcome_dashboard 环境先处理干净 安装nginx和httpd- ...

  6. 第六章·Logstash深入-收集java日志

    1.通过Logstash收集java日志并输出到ES中 因为我们现在需要用Logstash收集tomcat日志,所以我们暂时将tomcat安装到Logstash所在机器,也就是db03:10.0.0. ...

  7. Kubernetes部署ELK并使用Filebeat收集容器日志

    本文的试验环境为CentOS 7.3,Kubernetes集群为1.11.2,安装步骤参见kubeadm安装kubernetes V1.11.1 集群 1. 环境准备 Elasticsearch运行时 ...

  8. ELK之使用filebeat收集java运行日志

    安装filebeat修改配置文件/etc/filebeat/filebeat.yml filebeat.prospectors: - type: log enabled: true #日志路径 pat ...

  9. ELK之filebeat收集多类型日志

    1.IP规划 10.0.0.33:filebeat+tomcat,filebeat收集系统日志.tomcat日志发送到logstash 10.0.0.32:logstash,将日志写入reids(in ...

随机推荐

  1. Visual Studio 2015 无法加载.Net FrameWork4.6.2

    默认的VS2015是没有.Net Framework4.6.2的 需要我们去到微软官网下载对应的.NET Framework 4.6.2的安装包 安装包分两种,一种是应用级别的还一种是开发级别的,如果 ...

  2. JWT 介绍 - Step by Step

    翻译自 Mohamad Lawand 2021年3月11日的文章 <Intro to JWT - Step by Step> [1] 在本文中,我将向您介绍 JWT[2]. 我们今天要讲的 ...

  3. 【CTF】图片隐写术 · 修复被修改尺寸的PNG图片

    前言 今天我们想来介绍一下关于图片隐写相关处理,以及修复被修改尺寸的PNG图片. 关于PNG图片的相关处理,是CTF Misc图片隐写术中极为基础的一项操作,笔者这里是想要提一些做题过程中发现的小技巧 ...

  4. Idea使用指南--实用版

    idea使用指南--基础配置: 视频链接:https://www.bilibili.com/video/av21735428/?p=1 idea安装: 快捷方式create destop shortc ...

  5. 关于Mapreduce Text类型赋值的错误

    Mapreduce中Text类型数据被无缘无故替换? ​ 今天偶然看到一个mapreduce demo,直接上手操作 统计两个文件中 最大值 文件中数据格式为 名字 数值 输出为 名字(最大值所对应的 ...

  6. 1003 Emergency (25分)

    As an emergency rescue team leader of a city, you are given a special map of your country. The map s ...

  7. C++ 面向对象高级设计

    inline关键字 类声明内定义的函数,自动成为inline函数,类声明外定义的函数,需要加上inline关键字才能成为inline函数 构造函数 应该使用列表初始化 class complex { ...

  8. 手动脱PeCompact 2.20壳实战

    作者:Fly2015 PeCompact壳又是一个没有听说过的壳,需要脱壳的程序是吾爱破解培训的第一课的选修作业四.最近对脱壳有点上瘾了,当然也遭受了脱壳受挫的无奈,但是比较幸运还是把这个壳给搞了. ...

  9. hdu1358 最小循环节,最大循环次数 KMP

    题意:       给你一个字符串,让你找到一些字符串,这个字符串是从第一个字母开始的,并且他可以分成1个一上循环子结构够成的,比如 abcabcabc  那么当前的这个串就是三个abc构成的,他的A ...

  10. hdu5014 构造b数列使得t最大(小想法)

    题意:      给你一个序列a,他有n+1个数,每个数的范围是ai >= 0 && a[i] <= n,同时任意两个数字都是不相同的,就是ai != aj (i!=j), ...