快捷導(dǎo)航

Linux下如何安裝Logstash

更新時(shí)間：2023年06月19日 15:01:36 作者：我高考零分!

這篇文章主要介紹了Linux下如何安裝Logstash問題，具有很好的參考價(jià)值，希望對大家有所幫助。如有錯(cuò)誤或未考慮完全的地方，望不吝賜教

一、安裝Logstash

1.解壓tar包

cd /data/app/elk/elk-6.8.5
tar zxvf logstash-6.8.5.tar.gz

2.配置config目錄下的logstash.conf

# 數(shù)據(jù)輸入部分
input {
    # 讀取nginx訪問日志
    file {
		#path：監(jiān)聽文件的路徑,絕對路徑
        path => "/data/app/nginx/logs/access.log" #為Nginx的access.log路徑
		# 格式：json
        codec => "json"
		#start_position:監(jiān)聽文件的起始位置，beginning：從文件的頭開始讀取
        start_position => "beginning"
		#type：自定義類型
        type => "nginx-access-log"
    }
    # 讀取nginx異常日志
    file {
        path => "/data/app/nginx/logs/error.log" #為Nginx的error.log路徑
        # 格式：plain,輸入的是字符串，輸出把全部內(nèi)容放到message字段
        codec => "plain"
        start_position => "beginning"
        type => "nginx-error-log"
    }
	#filebeats方式	
	beats {
		port => 5044
        type => "beats_log"
	}
	#自定義端口，一個(gè)項(xiàng)目可對應(yīng)一個(gè)自定義tcp端口接收數(shù)據(jù)
	tcp {
		mode => "server"
		host => "192.168.X.X" #IP地址
		port => 21022
		codec => json
		type => "application-log" #application一般為項(xiàng)目名稱
	}
}
# 數(shù)據(jù)處理部分
filter{
	if[type] == "application-log"{
		mutate {
			rename => {"host" => "hostname"}
		}
	}
}
# 數(shù)據(jù)輸出部分
output {
    # beat監(jiān)控信息
	if [type] == "beats_log"{
		elasticsearch {
            hosts => ["192.168.X.X:9200"]
			manage_template => false
			index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "elastic2021"
        }
	}
    # nginx訪問日志
    if[type] == "nginx-access-log" {
        elasticsearch {
            hosts => ["192.168.X.X:9200"]
            index => "nginx-access-log-%{+YYYY.MM.dd}" 
			# elasticsearch的用戶名、密碼
            user => "elastic"
            password => "elastic2021"
        }
    }
    # nginx異常日志
    if[type] == "nginx-error-log"{
        elasticsearch{
            hosts => ["192.168.X.X:9200"]
            index => "nginx-error-log-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "elastic2021"
        }
    }
	# 應(yīng)用系統(tǒng)日志
	if[type] == "application-log"{
		elasticsearch {
			hosts => ["192.168.X.X:9200"]   
			index => "application-log-%{+YYYY.MM.dd}"
			user => "elastic"
			password => "elastic2021"
		}
	}
}

3.啟動命令

cd /data/app/elk/elk-6.8.5/logstash-6.8.5
nohup ./bin/logstash -f config/logstash.conf &

4.查看Logstash是否啟動成功

ps -ef | grep logstash

二、配置應(yīng)用項(xiàng)目的logback環(huán)境

1.在pom.xml中添加Logstash依賴

<!-- logstash 6.2 -->
<dependency>
   <groupId>net.logstash.logback</groupId>
   <artifactId>logstash-logback-encoder</artifactId>
   <version>6.2</version>
</dependency>

2.在resouces目錄下添加logback-spring.xml

<?xml version="1.0" encoding="UTF-8" ?>
<configuration debug="false">
	<!-- 為logstash輸出的JSON格式的Appender -->
	<appender name="logstash_dev"
			  class="net.logstash.logback.appender.LogstashTcpSocketAppender">
		<destination>192.168.X.X:21021</destination>
		<!-- 日志輸出編碼 -->
		<encoder
				class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
			<providers>
				<timestamp>
					<timeZone>UTC</timeZone>
				</timestamp>
				<pattern>
					<pattern>
						{
						"severity": "%level",
						"service": "${APP_NAME:-}",
						"trace": "%X{X-B3-TraceId:-}",
						"span": "%X{X-B3-SpanId:-}",
						"parent": "%X{X-B3-ParentSpanId:-}",
						"exportable": "%X{X-Span-Export:-}",
						"pid": "${PID:-}",
						"thread": "%thread",
						"class": "%logger",
						"rest": "%message"
						}
					</pattern>
				</pattern>
			</providers>
		</encoder>
	</appender>
	<!-- 開發(fā)環(huán)境 -->
    <springProfile name="develop">
        <!--設(shè)置根日志級別-->
        <root level="INFO">
            <appender-ref ref="logstash_dev"/>
        </root>
    </springProfile>
</configuration>