ELK简介
ELK是Elasticsearch+Logstash+Kibana简称
Elasticsearch 是一个分布式的搜索和分析引擎,可以用于全文检索、结构化检索和分析,并能将这三者结合起来。Elasticsearch 基于 Lucene 开发,现在是使用最广的开源搜索引擎之一。
Logstash 简单来说就是一根具备实时数据传输能力的管道,负责将数据信息从管道的输入端传输到管道的输出端,与此同时这根管道还可以让你根据自己的需求在中间加上滤网,Logstash提供了很多功能强大的滤网以满足你的各种应用场景。
Kibana 是一个开源的分析与可视化平台,设计出来用于和Elasticsearch一起使用的。你可以用kibana搜索、查看、交互存放在Elasticsearch索引里的数据,使用各种不同的图标、表格、地图等,kibana能够很轻易的展示高级数据分析与可视化。
ELK下载安装
可以去官网分别下载安装:https://www.elastic.co/downlo…
需要提前安装JDK1.8,这里我是在windows上操作。
Elasticsearch安装启动
如图,下载Elasticsearch并解压
config/elasticsearch.yml配置文件,修改配置(也是默认配置,可以不做修改)
network.host=localhost
network.port=9200
sticsearch.bat,启动成功,访问localhost:9200
{
"name" : "cTP-_7z",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "6tnImaw3RyKHlErGQrtuvw",
"version" : {
"number" : "6.3.1",
"build_flavor" : "default",
"build_type" : "zip",
"build_hash" : "eb782d0",
"build_date" : "2018-06-29T21:59:26.107521Z",
"build_snapshot" : false,
"lucene_version" : "7.3.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}logstash安装启动
如图,下载Logstash并解压
bin目录下新建配置log4j_to_es.conf
input {
tcp {
##host:port就是上面appender中的 destination,这里其实把logstash作为服务,开启8080端口接收logback发出的消息
host => "localhost"
port => 8080
#模式选择为server
mode => "server"
tags => ["tags"]
##格式json
codec => json_lines
}
}
output {
elasticsearch {
#ES地址
hosts => "127.0.0.1:9200"
#指定索引名字
index => "applog"
}
stdout { codec => rubydebug}
}新建文件run_default.bat
logstash -f log4j_to_es.conf保存直接双击该配置文件,启动成功,控制台输出如下:
访问localhost:9600:
{"host":"LAPTOP-MJ88A0EI","version":"6.3.1","http_address":"127.0.0.1:9600","id":"a0fe5a6f-e35d-4c5f-8b87-24344a928239","name":"LAPTOP-MJ88A0EI","build_date":"2018-06-29T22:43:59Z","build_sha":"b79493047db01afca1e11c856fe8538d7ecb5787","build_snapshot":false}Kibana安装启动
如图,下载Kibana并解压
这里,直接默认配置即可,bin/kibana.bat双击运行,启动成功,访问localhost:5601
至此,软件启动完毕!
创建SpringBoot项目,pom.xml文件如下:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.zm.elk</groupId>
<artifactId>elk</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>elk</name>
<description></description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j</artifactId>
<version>1.3.8.RELEASE</version>
</dependency>
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>4.9</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>log4j的配置如下:
log4j.rootLogger=INFO,console
# for package com.demo.elk, log would be sent to socket appender.
log4j.logger.com.forezp=DEBUG, socket
# appender socket
log4j.appender.socket=org.apache.log4j.net.SocketAppender
log4j.appender.socket.Port=4560
log4j.appender.socket.RemoteHost=localhost
log4j.appender.socket.layout=org.apache.log4j.PatternLayout
log4j.appender.socket.layout.ConversionPattern=%d [%-5p] [%l] %m%n
log4j.appender.socket.ReconnectionDelay=10000
# appender console
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.target=System.out
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern=%d [%-5p] [%l] %m%nlogback..xml配置如下:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>localhost:8080</destination>
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" />
</appender>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder charset="UTF-8"> <!-- encoder 可以指定字符集,对于中文输出有意义 -->
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="LOGSTASH" />
<appender-ref ref="STDOUT" />
</root>
</configuration>目录结构如下:
log测试:
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class ElkApplicationTests {
// 定义一个全局的记录器,通过LoggerFactory获取
private final static Logger log = LoggerFactory.getLogger(Test.class);
@Before
public void setUp() {
}
@Test
public void test() {
log.trace("trace 成功了");
log.debug("debug 成功了");
log.info("info 成功了");
log.warn("warn 成功了");
log.error("error 成功了");
}
}回到kibana上查看信息:
然后create index pattern
回到Discover
在右边就能看到具体的日志信息啦!!
还可以自己修改filter查看需要的信息,具体的自己可以捣鼓捣鼓玩玩。
