windows下ELK8.0搭建
第一步:官网下载相关文件
https://www.elastic.co/cn/elastic-stack/
第二步:启动起来,如果要在ELK上显现日志,LogStash需要在bin目录下新建一个conf文件做配置
input { udp{ host=>"你的IP" port=>9601 } file { path => "C:/Users/Administrator/source/repos/Test/APITest/bin/Debug/netcoreapp3.1/Logs/\*.log" } } output { elasticsearch { hosts => ["http://localhost:9200/"] index => "logstash-%{+YYYY.MM.dd}" } }
然后将使用一下命令启动logstash
logstash.bat -f logstash_default.conf
如果报错,可以使用绝对路径
启动之后
ES:http://localhost:9200 Kibana:http://localhost:5601
第三步:VS新建一个项目,我用的是Nlog
Nlog配置如下:
<?xml version="1.0" encoding="utf-8" ?> <nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.nlog-project.org/schemas/NLog.xsd NLog.xsd" autoReload="true" throwExceptions="false" internalLogLevel="Off" internalLogFile="c:\temp\nlog-internal.log"> <!-- optional, add some variables https://github.com/nlog/NLog/wiki/Configuration-file#variables --> <variable name="myvar" value="myvalue"/> <!-- See https://github.com/nlog/nlog/wiki/Configuration-file for information on customizing logging rules and outputs. --> <targets> <!-- add your targets here See https://github.com/nlog/NLog/wiki/Targets for possible targets. See https://github.com/nlog/NLog/wiki/Layout-Renderers for the possible layout renderers. --> <!-- Write events to a file with the date in the filename. <target xsi:type="File" name="f" fileName="${basedir}/logs/${shortdate}.log" layout="${longdate} ${uppercase:${level}} ${message}" /> --> <!--Error保存至文件--> <target name="error_file" xsi:type="File" maxArchiveFiles="30" encoding="utf-8" fileName="${basedir}/Logs/${date:yyyyMMdd}_Error.log" archiveFileName="${basedir}/Logs/${date:yyyyMMdd}_Error.{#}.log" archiveDateFormat="yyyyMMdd" archiveAboveSize="104857600" archiveNumbering="Sequence" layout="${date:yyyy-MM-dd HH\:mm\:ss} ${message} ${onexception:${exception:format=tostring} ${newline} ${stacktrace}" /> <!--Trace保存至文件--> <target name="trace_file" xsi:type="File" maxArchiveFiles="30" encoding="utf-8" fileName="${basedir}/Logs/${date:yyyyMMdd}_Trace.log" archiveFileName="${basedir}/Logs/${date:yyyyMMdd}_Trace.{#}.log" archiveDateFormat="yyyyMMdd" archiveAboveSize="104857600" archiveNumbering="Sequence" layout="${date:yyyy-MM-dd HH\:mm\:ss} ${uppercase:${level}}: ${message}" /> <!--<target xsi:type="Network" name="ownLog-tcp" keepConnection="false" address ="tcp://你的IP:9601/" layout="${longdate} ${logger} ${uppercase:${level}} ${newline}【请求url】:${aspnet-request-url} ${newline}【输出信息】:${message},【堆栈信息】:${exception: Type, ToString, Method, StackTrace} ${newline}"></target>--> <target name="network" xsi:type="Network" address="udp://你的IP:9601" layout="${message}"/> </targets> <rules> <!-- add your logging rules here --> <logger name="*" minlevel="Trace" writeTo="trace_file" /> <!--<logger name="*" minlevel="Debug" writeTo="debugger" />--> <logger name="*" minlevel="Error" writeTo="error_file" /> <!--<logger name="*" minlevel="Info" writeTo="ownLog-tcp" />--> <logger name="*" minlevel="Trace" writeTo="network" /> <!-- Write all events with minimal level of Debug (So Debug, Info, Warn, Error and Fatal, but not Trace) to "f" <logger name="*" minlevel="Debug" writeTo="f" /> --> </rules> </nlog>
之后你可以自己写点日志。
第四步:进入kibana查看
8.0之后 Kibana的 Index patterns 被移动到了 data views里面
那我们就在data views去看看
这样就创建好了
然后就可以查看日志了,可以看看效果
如果需要更加准确的中文分词,可以下载相关插件IK分词之类的,然后将插件拷贝到ES的plugin下面,重启ES即可
我也只是简单的搭建然后实践了一下,更高级的用法还没用过,后续有机会研究一下。
