Install the ELK components, all at version 5.4.1
I. Install JDK 1.8 (see this link)
II. Install Elasticsearch
1. curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.1.tar.gz
2. tar -xvf elasticsearch-5.4.1.tar.gz
3. Create an admin user; Elasticsearch cannot be started as root
groupadd admin
useradd -g admin admin
chown -R admin:admin /elasticsearch-5.4.1/
Edit the configuration:
vi elasticsearch-5.4.1/config/elasticsearch.yml
Main settings:
network.host: 172.16.32.241
http.port: 9200
4. Start: ./bin/elasticsearch
Startup errors (abbreviated error messages)
1).
initial heap size [268435456] not equal to maximum heap size [2147483648]
Switch to root.
Append the line vm.max_map_count=262144 to the end of /etc/sysctl.conf
Run:
[root@localhost elasticsearch-5.4.1]# sysctl -p
vm.max_map_count = 262144
[root@localhost elasticsearch-5.4.1]#
2).heap size [268435456] not equal to maximum heap size [2147483648]
Edit config/jvm.options and change the default 2g to:
-Xms256m
-Xmx256m
3).max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
vi /etc/security/limits.conf
Append at the end:
admin hard nofile 65536
admin soft nofile 65536
[root@localhost elasticsearch-5.4.1]# ulimit -Hn
4096
For a single-node demo these are more or less all the problems; if all goes well, Elasticsearch now starts. Visit http://172.16.32.241:9200/
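The startup problems above can be checked before launching Elasticsearch. The script below is an added example, not part of the original post; the function names and the --run switch are assumptions made for illustration, and the thresholds are the values quoted in the error messages and the sysctl line above.

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# Elasticsearch 5.4.1 startup problems listed above. Function names are
# illustrative; thresholds are the values quoted on the page.

MIN_MAP_COUNT=262144   # vm.max_map_count added to /etc/sysctl.conf
MIN_NOFILE=65536       # "increase to at least [65536]"

# Print the size given to a JVM flag (-Xms or -Xmx) in a jvm.options file.
# Commented-out lines are ignored; the last uncommented occurrence is reported.
jvm_flag() {  # $1 = flag, $2 = path to jvm.options
    sed -n "s/^[[:space:]]*$1\([0-9][0-9]*[kKmMgG]\{0,1\}\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Each check returns 0 when the value would let Elasticsearch start.
check_map_count() { [ "$1" -ge "$MIN_MAP_COUNT" ]; }
check_nofile()    { [ "$1" = "unlimited" ] || [ "$1" -ge "$MIN_NOFILE" ]; }
check_heap()      { [ -n "$1" ] && [ "$1" = "$2" ]; }  # -Xms must equal -Xmx (string compare)
check_not_root()  { [ "$1" -ne 0 ]; }                  # Elasticsearch refuses to run as root

# Run every check against the live system; $1 = Elasticsearch home directory.
preflight() {
    pf_rc=0
    pf_opts="$1/config/jvm.options"
    pf_xms=$(jvm_flag -Xms "$pf_opts")
    pf_xmx=$(jvm_flag -Xmx "$pf_opts")
    check_not_root "$(id -u)" ||
        { echo "FAIL: running as root, switch to the admin user"; pf_rc=1; }
    check_map_count "$(cat /proc/sys/vm/max_map_count)" ||
        { echo "FAIL: vm.max_map_count is below $MIN_MAP_COUNT"; pf_rc=1; }
    check_nofile "$(ulimit -Hn)" ||
        { echo "FAIL: hard nofile limit is below $MIN_NOFILE (log in again after editing limits.conf)"; pf_rc=1; }
    check_heap "$pf_xms" "$pf_xmx" ||
        { echo "FAIL: -Xms '$pf_xms' differs from -Xmx '$pf_xmx' in $pf_opts"; pf_rc=1; }
    [ "$pf_rc" -eq 0 ] && echo "OK: prerequisites satisfied"
    return "$pf_rc"
}

# Usage (as the admin user): sh preflight.sh --run /path/to/elasticsearch-5.4.1
if [ "${1:-}" = "--run" ]; then preflight "${2:-.}"; fi
```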
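II. Install Kibana
Find the matching version at https://www.elastic.co/downloads/past-releases, download it, upload it to the Linux host and unpack it.
Edit the configuration file:
[root@localhost java]# vi kibana-5.4.1-linux-x86_64/config/kibana.yml
Mainly these settings: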
server.port: 5601
server.host: "172.16.32.241"
elasticsearch.url: "http://172.16.32.241:9200"
Start:
./kibana-5.4.1-linux-x86_64/bin/kibana
III. Install Logstash
https://www.elastic.co/downloads/past-releases
Create the pipeline configuration file:
touch logstash-5.4.1/config/log.conf
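input {
  # Plain TCP listener: no TLS and no authentication on this input
  tcp {
    host => "172.16.32.241"
    port => 9601
    mode => "server"
    tags => ["tags"]
    # One JSON event per line, as sent by the logback LogstashEncoder
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => "172.16.32.241:9200"
    # The index name is built from the appname field supplied by the sender
    index => "%{[appname]}-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}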
Start Logstash with that config file:
./bin/logstash -f config/log.conf
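All of ELK is now running; as long as no error logs scroll by on the Linux console, everything is fine.
IV. Create the bootStrap (Spring Boot) project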
pom.xml
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>4.11</version>
</dependency>
logback.xml configuration
<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false" scan="true" scanPeriod="1 seconds">
    <contextName>logback</contextName>
    <property name="log.path" value="C:/study/elk.log"/>
    <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{HH:mm:ss.SSS} %contextName [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
    <appender name="file" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${log.path}</file>
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${log.path}.%d{yyyy-MM-dd}.zip</fileNamePattern>
        </rollingPolicy>
        <encoder>
            <pattern>%date %level [%thread] %logger{36} [%file : %line] %msg%n
            </pattern>
        </encoder>
    </appender>
    <appender name="udp_logstash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <destination>172.16.32.241:9601</destination>
        <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" >
            <!-- elk_test index -->
            <customFields>{"appname":"elk_test"}</customFields>
        </encoder>
    </appender>
    <!-- The level is usually set to warn -->
    <root level="info">
        <appender-ref ref="console"/>
        <appender-ref ref="file"/>
        <appender-ref ref="udp_logstash"/>
    </root>
</configuration>
Test class:
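import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest
public class ElkApplicationTests {
    private static final Logger logger = LoggerFactory.getLogger(ElkApplicationTests.class);

    // Emit ten INFO events; the root logger forwards them to Logstash through the udp_logstash appender.
    @Test
    public void contextLoads() {
        for (int i = 0; i < 10; i++) {
            logger.info("模拟日志:" + System.currentTimeMillis() + "-" + i);
        }
    }
}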
Run the test method, then open http://172.16.32.241:5601
Create the index pattern.
The logs can now be queried. Single-node setup!