1.项目中加入依赖:
compile 'net.logstash.logback:logstash-logback-encoder:6.0'
如果是maven项目的话:字符串中的冒号为隔断,第一个为groupid,第二个为artifactId,第三个为version
2.添加一个logback日志:我注释掉的部分是日志的打印,可以开出来,正式环境就不开了,影响性能
这里的功能添加一个logstash的appender将其发送到 rabbitmq
rabbitmq的安装教程参看本博主的博文
命名文件名为:logback.xml
放到classpath路径下:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!--<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">-->
<!--<encoder>-->
<!--<pattern>%d{HH:mm:ss.SSS} [%-5level] %logger{15} - %msg%n%rEx</pattern>-->
<!--<immediateFlush>false</immediateFlush>-->
<!--</encoder>-->
<!--</appender>-->
<!--logstash的sppender,发送给rabbitmq-->
<appender name="ASYNC" class="net.logstash.logback.appender.LoggingEventAsyncDisruptorAppender">
<appender name="AMQP"
class="org.springframework.amqp.rabbit.logback.AmqpAppender">
<host>localhost</host>
<port>5672</port>
<virtualHost>/</virtualHost>
<username>guest</username>
<password>guest</password>
<exchangeType>direct</exchangeType>
<exchangeName>elk</exchangeName>
<applicationId>gateway</applicationId>
<routingKeyPattern>elk</routingKeyPattern>
<contentType>text/plain</contentType>
<maxSenderRetries>2</maxSenderRetries>
<charset>UTF-8</charset>
<declareExchange>true</declareExchange>
<layout class="net.logstash.logback.layout.LogstashLayout">
<customFields>{"app":"lostashTest"}</customFields>
</layout>
</appender>
</appender>
<root level="INFO">
<!--<appender-ref ref="CONSOLE"/>-->
<appender-ref ref="ASYNC"/>
</root>
</configuration>
3.安装logstash的windows版本
1) 我的百度云盘下载地址:版本号是2.4.0
链接:https://pan.baidu.com/s/1ud4mpTpwyUSeJNGqk933yg
提取码:85cw
复制这段内容后打开百度网盘手机App,操作更方便哦
2) 配置文件 ,我这里叫agent.conf,将logstash解压之后,将下面文本创建一个文件agent.conf,放到logstash的bin目录下
input {
rabbitmq{
host=>"localhost"
port=> 5672
user=>"guest"
password=>"guest"
queue=>"elk"
exchange=>"elk"
key=>"elk"
durable=>true
passive=>false
codec=>json
}
}
filter {
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "index-%{+YYYYMMdd}"
}
}
3)安装支持elasticsearch的插件
在logstash目录的bin目录下的,在地址栏输入cmd进入windows控制台,输入如下命令
logstash-plugin install --no-verify logstash-input-rabbitmq
4) 启动logstash
在logstash目录的bin目录下,在地址栏输入cmd进入windows的控制台,输入如下命令:
logstash -f agent.conf
上图这种状态即为启动成功!
4.安装启动elasticsearch
1)我的百度云盘下载地址:我这里的版本是1.7.3
链接:https://pan.baidu.com/s/10hrGjXOyt8dJUrv_u8cLGg
提取码:7qnw
复制这段内容后打开百度网盘手机App,操作更方便哦
2)解压elasticsearch
3)配置跨域允许访问
打开config目录下的elasticsearch.yml文件,可以使用notepad++或者edit-plus软件,自行百度安装
在最上面添加2句话:这两句话是允许跨域请求
http.cors.allow-origin: "/.*/"
http.cors.enabled: true
4)启动elasticsearch
打开elasticsearch根目录下的bin目录
双击 elasticsearch.bat 即可启动
5.下载安装kibana
1)我的百度云盘下载地址:版本号:3.x
链接:https://pan.baidu.com/s/1pkyEPL9oOK4pdB_pVE-6hA
提取码:m4h1
复制这段内容后打开百度网盘手机App,操作更方便哦
2)解压kibana,kibana其实就是一个前后端分离的存粹的前段工程
3)修改配置文件,这里是配置elasticsearch的访问路径,我这里是127.0.0.1
4)启动kibana
使用nginx启动,或者其他方式(hbuilder,idea都可以做为前端服务器启动)
4.1)nginx下载
我的百度云下载:windows版本的nginx
链接:https://pan.baidu.com/s/1rbG1fukBso1pjZHE2NM-xA
提取码:37zr
复制这段内容后打开百度网盘手机App,操作更方便哦
4.2)解压nginx
4.3)配置nginx
打开conf目录下面的nginx.conf文件
按照如下配置:注意文件路径填写自己的 kibana的文件夹路径
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name 127.0.0.1;
location / {
root C:/Users/Administrator/Desktop/kibana-3.1.2;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
红色部分填写你自己的kibana的文件夹的路径
4.4)启动nginx
双击nginx.exe即可启动
5.访问127.0.0.1即可打开kibana界面
6.导入我这个配置好的dashbord的文件,或者也可以自行配置。
将下面的代码复制出来,另存为一个文件,文件名可以使用:Your Basic Dashboard.json
{
"title": "Your Basic Dashboard",
"services": {
"query": {
"list": {
"0": {
"query": "*",
"alias": "",
"color": "#7EB26D",
"id": 0,
"pin": false,
"type": "lucene",
"enable": true
}
},
"ids": [
0
]
},
"filter": {
"list": {
"0": {
"type": "querystring",
"query": "app:gateway",
"mandate": "must",
"active": true,
"alias": "",
"id": 0
},
"1": {
"type": "time",
"field": "@timestamp",
"from": "now-15m",
"to": "now",
"mandate": "must",
"active": true,
"alias": "",
"id": 1
}
},
"ids": [
0,
1
]
}
},
"rows": [
{
"title": "Options",
"height": "50px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 12,
"editable": true,
"type": "histogram",
"loadingEditor": false,
"mode": "count",
"time_field": "@timestamp",
"value_field": null,
"x-axis": true,
"y-axis": true,
"scale": 1,
"y_format": "none",
"grid": {
"max": null,
"min": 0
},
"queries": {
"mode": "all",
"ids": [
0
]
},
"annotate": {
"enable": false,
"query": "*",
"size": 20,
"field": "_type",
"sort": [
"_score",
"desc"
]
},
"auto_int": true,
"resolution": 100,
"interval": "10s",
"intervals": [
"auto",
"1s",
"1m",
"5m",
"10m",
"30m",
"1h",
"3h",
"12h",
"1d",
"1w",
"1y"
],
"lines": false,
"fill": 0,
"linewidth": 3,
"points": false,
"pointradius": 5,
"bars": true,
"stack": true,
"spyable": true,
"zoomlinks": true,
"options": true,
"legend": true,
"show_query": true,
"interactive": true,
"legend_counts": true,
"timezone": "browser",
"percentage": false,
"zerofill": true,
"derivative": false,
"tooltip": {
"value_type": "cumulative",
"query_as_alias": true
}
}
],
"notice": false
},
{
"title": "Graph",
"height": "250px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [],
"notice": false
},
{
"title": "Events",
"height": "650px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 12,
"editable": true,
"group": [
"default"
],
"type": "table",
"size": 100,
"pages": 5,
"offset": 0,
"sort": [
"_score",
"desc"
],
"style": {
"font-size": "9pt"
},
"overflow": "min-height",
"fields": [
"@timestamp",
"message",
"thread_name",
"app",
"logger_name",
"level_value"
],
"highlight": [],
"sortable": true,
"header": true,
"paging": true,
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"field_list": true,
"status": "Stable",
"trimFactor": 300,
"normTimes": true,
"title": "Documents",
"all_fields": false,
"localTime": true,
"timeField": "@timestamp"
}
],
"notice": false
}
],
"editable": true,
"index": {
"interval": "none",
"pattern": "[logstash-]YYYY.MM.DD",
"default": "_all",
"warm_fields": false
},
"style": "dark",
"failover": false,
"panel_hints": true,
"loader": {
"save_gist": false,
"save_elasticsearch": true,
"save_local": true,
"save_default": true,
"save_temp": true,
"save_temp_ttl_enable": true,
"save_temp_ttl": "30d",
"load_gist": true,
"load_elasticsearch": true,
"load_elasticsearch_size": 20,
"load_local": true,
"hide": false
},
"pulldowns": [
{
"type": "query",
"collapse": false,
"notice": false,
"query": "*",
"pinned": true,
"history": [
"*"
],
"remember": 10,
"enable": true
},
{
"type": "filtering",
"collapse": false,
"notice": true,
"enable": true
}
],
"nav": [
{
"type": "timepicker",
"collapse": false,
"notice": false,
"status": "Stable",
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
],
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"timefield": "@timestamp",
"enable": true,
"now": true,
"filter_id": 1
}
],
"refresh": false
}7.然后,导入该配置文件:选择上面保存的那个配置文件
8.效果图:在query可以进行搜索
在filterng可以进行过滤操作,即可实现快速定位报错的地方
标签:elk,false,springboot,windows,type,elasticsearch,query,true,logstash From: https://blog.51cto.com/u_15932265/5993508