安装ELK( Elasticsearch, Logstash, Kibana )
运行
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -d -it --name elk sebp/elk
进入容器
docker exec -it elk bash
修改
root@f299c2b1f632:/# cd /etc/logstash/conf.d/
vim 02-beats-input.conf
input {
tcp {
port => 5044
codec => json_lines
}
}
output {
elasticsearch {
action => "index"
index => "%{[appname]}-%{+YYYY.MM.dd}"
hosts => ["localhost:9200"]
}
}
最后重启ELK配置将生效
docker restart elk
springboot中新建logback.xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<include resource="org/springframework/boot/logging/logback/defaults.xml"/>
<include resource="org/springframework/boot/logging/logback/console-appender.xml"/>
<!-- 日志最大的历史 7天 -->
<property name="maxHistory" value="7"/>
<appender name="LOGSTASH"
class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>localhost:5044</destination>
<!-- encoder必须配置,有多种可选 -->
<encoder charset="UTF-8"
class="net.logstash.logback.encoder.LogstashEncoder">
<!-- "appname":"xxx" 的作用是指定创建索引的名字时用,并且在生成的文档中会多了这个字段 -->
<customFields>{"appname":"appName"}</customFields>
</encoder>
</appender>
<root level="DEBUG">
<appender-ref ref="CONSOLE"/>
<appender-ref ref="LOGSTASH"/>
</root>
</configuration>
遇到的错误
vm.max_map_count [65530] is too low
解决:sudo sysctl -w vm.max_map_count=262144
网友评论