参考
- https://www.cnblogs.com/hualess/p/11540477.html
- https://blog.csdn.net/susu1083018911/article/details/124551632
- https://blog.csdn.net/Dyanxier/article/details/131302723
- https://blog.csdn.net/qq_44768464/article/details/120101990
- https://www.cnblogs.com/coderxz/p/13268417.html
- https://blog.csdn.net/Baldprogrammer/article/details/119429530
- https://www.cnblogs.com/youqc/p/15397900.html
- https://blog.csdn.net/Anumbrella/article/details/102691831
注意
- mvn 依赖 logstash-logback-encoder 7.4 版本测试出错,7.3 可以。。
- 所有服务启动后,Logstash 命令行无输出 json 应该是 Spring Boot 项目没有正确发送日志,试试清理 Spring Boot 项目的依赖,重新启动项目;或重启电脑。
- 比较新的架构是 ELKB。
- Elasticsearch 的安全开关默认打开,请求协议为 https,访问:
https://127.0.0.1:9200需要输入账号密码。
环境
| 环境 | 版本 | 说明 |
|---|---|---|
| windows | 10 | |
| vs code | 1.85.1 | |
| Spring Boot Extension Pack | v0.2.1 | vscode插件 |
| Extension Pack for Java | v0.25.15 | vscode插件 |
| JDK | 11 | |
| Springboot | 2.3.12.RELEASE | |
| Apache Maven | 3.8.6 | |
| logstash-logback-encoder | 7.3 | mvn驱动,测试7.4版本可能存在问题,导致无法发送日志给logstash |
| Elasticsearch | 8.11.3 | 下载 |
| kibana | 8.11.3 | 需要与ES一致 下载 |
| Logstash | 8.11.3 | 需要与ES一致,另外cn语言网站没有exe安装包,需要去fr语言网站下载 下载 |
正文
准备
-
下载 Elasticsearch 、Kibana 、 Logstash。
-
Elasticsearch
elasticsearch-8.11.3\config\elasticsearch.yml部分配置调整:# Enable security features # 6.8 和 7.1 后默认开启安全,强制ssl与账号密码 # 默认true xpack.security.enabled: false # 追加到文件尾部,设置插件访问es配置。 http.cors.enabled: true http.cors.allow-origin: "*" -
Kibana
kibana-8.11.3\config\kibana.yml配置追加:# 提供服务的IP server.host: "localhost" # 提供服务的端口,也就是 Kibana 网页面板访问的端口号。 server.port: 5601 # es服务的地址 elasticsearch.hosts: ["http://localhost:9200"] # 本地化 i18n.locale: "zh-CN" -
Logstash
logstash-8.11.3\config\logstash.conf新增配置文件:# 启动命令 ./bin/logstash.bat -f ./config/logstash.conf input{ tcp { mode => "server" host => "0.0.0.0" #我这里是本地 port => 4567 #开放这个端口进行采集 codec => json_lines # 编解码器 } } output{ elasticsearch { #es地址 hosts=>"127.0.0.1:9200" # 在es里产生的index的名称 index => "springboot-%{+YYYY.MM.dd}" } stdout{ codec => rubydebug } } -
Spring Boot 项目配置
pom.xml追加依赖<!-- https://mvnrepository.com/artifact/net.logstash.logback/logstash-logback-encoder --> <dependency> <groupId>net.logstash.logback</groupId> <artifactId>logstash-logback-encoder</artifactId> <version>7.3</version> </dependency>src\main\resources\application.properties追加配置# 引入 logstash 配置 logging.config=classpath:logstash-spring.xml logging.level.root=INFO- 创建
src\main\resources\logstash-spring.xml并写入:<?xml version="1.0" encoding="UTF-8"?> <configuration> <include resource="org/springframework/boot/logging/logback/base.xml" /> <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender"> <!-- Logstash 配置中开放的端口 input{ tcp { mode => "server" host => "0.0.0.0" #我这里是本地 port => 4567 #开放这个端口进行采集 codec => json_lines # 编解码器 有的版本需要独自安装 } } --> <destination>localhost:4567</destination> <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" /> </appender> <!-- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder"> <jsonGeneratorDecorator class="net.logstash.logback.decorate.FeatureJsonGeneratorDecorator"/> <providers> <pattern> <pattern> { "date": "%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ}", "level": "%level", "msg": "%msg" } </pattern> </pattern> </providers> </encoder> </appender> --> <root level="INFO"> <appender-ref ref="LOGSTASH" /> <!-- <appender-ref ref="STDOUT" /> --> </root> </configuration>
启动
启动顺序为 1. Elasticsearch、2. Kibana、Logstash、3. Spring Boot 项目。
-
Elasticsearch 双击启动
elasticsearch-8.11.3\bin\elasticsearch.bat,访问http://127.0.0.1:9200/显示如下内容为启动成功。{ "name" : "DESKTOP-XXXXXXX", "cluster_name" : "elasticsearch", "cluster_uuid" : "XXXXNTUgXXXJTTNwXXpXXw", "version" : { "number" : "8.11.3", "build_flavor" : "default", "build_type" : "zip", "build_hash" : "64cf0xxx3b56b1fd444xxx454cb88aca7e7xxx9a", "build_date" : "2023-12-08T11:33:53.634979452Z", "build_snapshot" : false, "lucene_version" : "9.8.0", "minimum_wire_compatibility_version" : "7.17.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "You Know, for Search" } -
Kibana 双击启动
kibana-8.11.3\bin\kibana.bat,访问http://127.0.0.1:5601(图片:https://zhuanlan.zhihu.com/p/649902671)。首次启动提示 kibana no such index [.kibana],重启es和 kibana 试试。
-
Logstash 命令启动(指定配置文件):
./logstash-8.11.3/bin/logstash.bat -f ./logstash-8.11.3/config/logstash.conf出现如下类似的控制台输出为启动成功。
[2023-12-29T10:40:56,656][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>0.85} [2023-12-29T10:40:56,802][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"} [2023-12-29T10:40:56,803][INFO ][logstash.inputs.tcp ][main][66431899e5xxe6919xxaba30xx636afdf4xx4c6f458a9245473bd02c7c1650c6] Starting tcp input listener {:address=>"0.0.0.0:4567", :ssl_enabled=>false} [2023-12-29T10:40:56,815][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]} -
启动 Spring Boot 项目。
校验
- 启动 Spring Boot 项目后,观察 Logstash 启动命令行,显示如下类似信息即表示接收到了数据。
...
{
"@version" => "1",
"level_value" => 20000,
"logger_name" => "org.springframework.web.servlet.DispatcherServlet",
"message" => "Initializing Servlet 'dispatcherServlet'",
"thread_name" => "http-nio-8080-exec-3",
"@timestamp" => 2023-12-29T02:54:04.553Z,
"level" => "INFO"
}
{
"@version" => "1",
"level_value" => 30000,
"logger_name" => "com.xiaqiuchu.elk.controller.IndexController",
"message" => "warn log",
"thread_name" => "http-nio-8080-exec-3",
"@timestamp" => 2023-12-29T02:54:04.557Z,
"level" => "WARN"
}
{
"@version" => "1",
"level_value" => 20000,
"logger_name" => "org.springframework.web.servlet.DispatcherServlet",
"message" => "Completed initialization in 1 ms",
"thread_name" => "http-nio-8080-exec-3",
"@timestamp" => 2023-12-29T02:54:04.554Z,
"level" => "INFO"
}
{
"@version" => "1",
"level_value" => 20000,
"logger_name" => "org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/]",
"message" => "Initializing Spring DispatcherServlet 'dispatcherServlet'",
"thread_name" => "http-nio-8080-exec-3",
"@timestamp" => 2023-12-29T02:54:04.549Z,
"level" => "INFO"
}
...
数据可视化
- 访问 Kibana
http://127.0.0.1:5601(ip与端口都在配置文件中配置的)。 - 选择 左侧菜单->Machine Learning
- 选择 可视化来自视图的数据。
- 选择 创建数据视图。
- 设置名称与索引模式,然后选择 保存数据视图到 Kibana 。(名称任意设置,索引模式是指匹配数据流,在 Logstash 配置文件中可以设置这个索引。如果索引模式匹配不到你的数据流,那么需要确认下是否正确将日志发送到 Logstash 没有。)
- 完毕(如果没数据请检查数据是否成功发送,另外可以调整数据统计时间区间)。
仪表板(自定义的数据大屏)
