ELK之使用filebeat收集java运行日志
安装filebeat修改配置文件/etc/filebeat/filebeat.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | filebeat.prospectors:- type: log enabled: true#日志路径 paths: - /home/ekp/linux64/tomcat/logs/catalina.out#日志tags tags: [ekp-tomcat]#排除空行 exclude_lines: ['^$']#java多行日志合并 multiline: pattern: '^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2}' negate: true match: after filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: falsesetup.template.settings: index.number_of_shards: 3setup.kibana:#输出至logstashoutput.logstash: hosts: ["10.1.4.242:5044"] |
传输用logstash配置/etc/logstash/conf.d/beat-redis.conf 如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | input{ beats{ port => 5044 }}output{ if "nginx-ekp-log" in [tags]{ redis { host => "10.1.4.243" port => "6379" password => "123456" db => "1" data_type => 'list' key => "nginx-ekp-log" } } if "ekp-tomcat" in [tags]{ redis { host => "10.1.4.243" port => "6379" password => "123456" db => "2" data_type => 'list' key => "ekp-tomcat" } #stdout{ # codec => rubydebug #} }} |
过滤分析logstash配置/etc/logstash/conf.d/redis-elastic.conf如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | input{ redis { host => "10.1.4.243" port => "6379" password => "123456" db => "1" data_type => "list" key => "nginx-ekp-log" } redis { host => "10.1.4.243" port => "6379" password => "123456" db => "2" data_type => "list" key => "ekp-tomcat" }}filter{ if "nginx-ekp-log" in [tags] { json { source => "message" } } if [user_ua] != "-" { useragent { target => "agent" source => "user_ua" } } if [lan_ip] != "-" { geoip { source => "lan_ip" target => "geoip" # database => "/usr/share/GeoIP/GeoIPCity.dat" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float"] } }}output{ if "nginx-ekp-log" in [tags] { elasticsearch{ hosts => ["10.1.4.244:9200"] index => "nginx-ekp-log-%{+YYYY.MM}" } } if "ekp-tomcat" in [tags] { elasticsearch{ hosts => ["10.1.4.244:9200"] index => "ekp-tomcat-%{+YYYY.MM}" } } # stdout{ # codec => rubydebug # }} |
启动filebeat,logstash即可把java日志多行合并进行收集
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!