Collecting Tomcat logs with ELK
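1. Collecting ordinary Tomcat logs with ELK

On the Logstash node only, add the following file and then restart Logstash:

cat >>/home/logstash-6.3.0/config/tomcat_test.conf<<EOF
input {
  file {
    # Tomcat access log; the date in the file name is fixed to one day
    path => ["/usr/local/tomcat/logs/localhost_access_log.2019-02-12.txt"]
    type => "tomcat_log"
    # read a file from its first line the first time it is seen
    start_position => "beginning"
    # each line is decoded as a JSON object
    codec => json
  }
}
filter {
  # use the event's "timestamp" field as @timestamp
  date {
    match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
  }
}
output {
  # one index per day
  elasticsearch {
    hosts => ["192.168.0.91:9200"]
    index => "tomcat-pc-%{+YYYY.MM.dd}"
  }
  # also print every event to the console for debugging
  stdout {
    codec => rubydebug
  }
}
EOF

2. Collecting Tomcat's catalina.out log with ELK

On the Logstash node only, add the following file and then restart Logstash:

cat >>/home/logstash-6.3.0/config/tomcat_catalina.out.conf<<EOF
input {
  file {
    path => ["/usr/local/tomcat/logs/catalina.out"]
    type => "tomcat_log"
    # read the file from its first line the first time it is seen
    start_position => "beginning"
    # each line is decoded as a JSON object
    codec => json
  }
}
filter {
  # use the event's "timestamp" field as @timestamp
  date {
    match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
  }
}
output {
  # same daily index as the access log
  elasticsearch {
    hosts => ["192.168.0.91:9200"]
    index => "tomcat-pc-%{+YYYY.MM.dd}"
  }
  stdout {
    codec => rubydebug
  }
}
EOF

Reference: https://www.cnblogs.com/kakarott/p/8118906.html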
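Both configurations above rely on `codec => json` and on a `timestamp` field in the form `YYYY-MM-dd HH:mm:ss`. The following pre-flight check is an added example, not part of the original post: it reports which lines of a log would fail either step (Logstash tags such events `_jsonparsefailure` or `_dateparsefailure`). The sample lines and their field names other than `timestamp` are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime

# strptime approximation of the date filter pattern "YYYY-MM-dd HH:mm:ss"
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def classify(line):
    """Classify one log line against the json codec and the date filter."""
    try:
        event = json.loads(line)
    except ValueError:
        return "not_json"        # the json codec would tag _jsonparsefailure
    if not isinstance(event, dict):
        return "not_object"      # valid JSON, but not a single event object
    ts = event.get("timestamp")
    if ts is None:
        return "no_timestamp"    # date filter has no field to match
    try:
        datetime.strptime(str(ts), TS_FORMAT)
    except ValueError:
        return "bad_timestamp"   # the date filter would tag _dateparsefailure
    return "ok"


def preflight(lines):
    """Count outcomes over an iterable of lines, skipping blank lines."""
    stripped = (line.strip() for line in lines)
    return Counter(classify(line) for line in stripped if line)


# Constructed samples: a JSON-formatted access log and a plain-text catalina.out
SAMPLE_ACCESS = [
    '{"client":"192.168.0.10","timestamp":"2019-02-12 10:15:02","status":"200"}',
    '{"client":"192.168.0.10","timestamp":"12/Feb/2019:10:15:03 +0800","status":"302"}',
    '{"client":"192.168.0.11","status":"200"}',
]
SAMPLE_CATALINA = [
    "12-Feb-2019 10:14:58.120 INFO [main] org.apache.catalina.startup.Catalina.start Server startup",
    "java.lang.NullPointerException",
    "\tat com.example.Demo.run(Demo.java:42)",
]

if __name__ == "__main__":
    print("access log :", dict(preflight(SAMPLE_ACCESS)))
    print("catalina   :", dict(preflight(SAMPLE_CATALINA)))
```

To check a real file, pass an open file handle to `preflight()`; any count other than `ok` means those events will be indexed with the read time as `@timestamp` rather than the time the log line was written.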