【filebeat】filebeat采集tomcat的数据发送到logstash,logstash发送到ES数据库集群

于 2024-06-30 13:05:45 发布
阅读量133 收藏
点赞数 3
分类专栏: ElasticSearch-kibana-logstash 文章标签: elasticsearch 数据库 服务器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_43346403/article/details/140079533
版权

1.安装filebeat 


 tar xvf filebeat-7.9.2-linux-x86_64.tar.gz
[esadmin@oracle1 soft]$ mkdir -p /esdb/filebeat
[esadmin@oracle1 soft]$ cp -r filebeat-7.9.2-linux-x86_64/* /esdb/filebeat
*/

2.配置filebeat 采集tomcat到Logstash

input {
	beats {
	port => "5044"
	codec => "json"
	client_inactivity_timeout => 36000
	}
}
filter {
	mutate {
	gsub => ["message","\\x","\\\x"]
	}
	json {
	source => "message"
	}
	mutate {
	add_field => { "tomcat_ip" => "%{[@metadata][ip_address]}" }
	convert => ["[geoip][coordinates]", "float"]
	remove_field => [ "host" ]
	}
}
output {
	elasticsearch {
	hosts => ["192.168.1.7:9201", "192.168.1.7:9202","192.168.1.7:9203"]
	index => "sspu-filebeat-%{+YYYY.MM.dd}"
	user => elastic
	password => esadmin
	}
}


--重启logstash 
/esdb/logstash/app/bin/logstash -f /esdb/logstash/app/config/sspu-tomcat.conf &

3.tomcat日志格式

{"clientip":"192.168.1.7","ClientUser":"-","authenticated":"-","AccessTime":"[30/Jun/2024:11:23:28 +0800]","method":"GET / HTTP/1.0","status":"200","SendBytes":"11219","Query?string":"","partner":"-","AgentVersion":"ApacheBench/2.3"}
{"clientip":"192.168.1.7","ClientUser":"-","authenticated":"-","AccessTime":"[30/Jun/2024:11:23:28 +0800]","method":"GET / HTTP/1.0","status":"200","SendBytes":"11219","Query?string":"","partner":"-","AgentVersion":"ApacheBench/2.3"}

4.logstash端口查看:9600

[esadmin@oracle1 config]$ netstat -anplt |grep 9600
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 127.0.0.1:9600          :::*                    LISTEN      60529/java          
[esadmin@oracle1 config]$ ps -ef |grep logstash
esadmin   60529      1 11 11:12 pts/6    00:04:52 /esdb/jdk-17.0.11/bin/java -server -Xms512M -Xmx512M -XX:+DisableExplicitGC -XX:+UseG1GC -XX:G1ReservePercent=25 
-XX:InitiatingHeapOccupancyPercent=30 -Djava.awt.headless=true 
-Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true 
-Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true 
-XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom 
-Dlog4j2.isThreadContextMapInheritable=true 
--add-opens java.base/sun.nio.ch=ALL-UNNAMED 
--add-opens java.base/java.io=ALL-UNNAMED 
--add-opens java.base/java.security=ALL-UNNAMED 
-cp /esdb/logstash/app/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:
/esdb/logstash/app/logstash-core/lib/jars/checker-compat-qual-2.0.0.jar:
/esdb/logstash/applogstash-core/lib/jars/commons-codec-1.14.jar:
/esdb/logstash/app/logstash-core/lib/jars/commons-compiler-3.1.0.jar:
/esdb/logstash/app/logstash-core/lib/jars/commons-logging-1.2.jar:
/esdb/logstash/app/logstash-core/lib/jars/error_prone_annotations-2.1.3.jar:
/esdb/logstash/app/logstash-core/lib/jars/google-java-format-1.1.jar:
/esdb/logstash/app/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:
/esdb/logstash/app/logstash-core/lib/jars/guava-24.1.1-jre.jar:
/esdb/logstash/app/logstash-core/lib/jars/j2objc-annotations-1.1.jar:
/esdb/logstash/app/logstash-core/lib/jars/jackson-annotations-2.9.10.jar:
/esdb/logstash/app/logstash-core/lib/jars/jackson-core-2.9.10.jar:
/esdb/logstash/app/logstash-core/lib/jars/jackson-databind-2.9.10.4.jar:
/esdb/logstash/app/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.10.jar:/esdb/logstash/app/logstash-core/lib/jars/janino-3.1.0.jar:/esdb/logstash/app/logstash-core/lib/jars/javassist-3.26.0-GA.jar:/esdb/logstash/app/logstash-core/lib/jars/jruby-complete-9.2.13.0.jar:/esdb/logstash/app/logstash-core/lib/jars/jsr305-1.3.9.jar:/esdb/logstash/app/logstash-core/lib/jars/log4j-api-2.13.3.jar:/esdb/logstash/app/logstash-core/lib/jars/log4j-core-2.13.3.jar:/esdb/logstash/app/logstash-core/lib/jars/log4j-jcl-2.13.3.jar:/esdb/logstash/app/logstash-core/lib/jars/log4j-slf4j-impl-2.13.3.jar:/esdb/logstash/app/logstash-core/lib/jars/logstash-core.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/esdb/logstash/app/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/esdb/logstash/app/logstash-core/lib/jars/reflections-0.9.11.jar:/esdb/logstash/app/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -f /esdb/logstash/app/config/sspu-tomcat.conf
esadmin   61211  61105  0 11:54 pts/6    00:00:00 grep --color=auto logstash

5.启动 filebeat 

su - esadmin
chmod 755 /esdb/filebeat/sspu-tomcat.yml

nohup /esdb/filebeat/filebeat -e -c /esdb/filebeat/sspu-tomcat.yml &

6.向tomcat写入数据

--重新部署一个tomcat:8081;
ab -n100000 -c10 http://192.168.1.7:8081/
[esadmin@oracle1 bin]$ ab -n100000 -c10 http://192.168.1.7:8081/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.1.7 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests


Server Software:        
Server Hostname:        192.168.1.7
Server Port:            8081

Document Path:          /
Document Length:        11219 bytes

Concurrency Level:      10
Time taken for tests:   40.344 seconds
Complete requests:      100000
Failed requests:        0
Write errors:           0
Total transferred:      1133100000 bytes
HTML transferred:       1121900000 bytes
Requests per second:    2478.68 [#/sec] (mean)
Time per request:       4.034 [ms] (mean)
Time per request:       0.403 [ms] (mean, across all concurrent requests)
Transfer rate:          27427.71 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.6      0      18
Processing:     0    3   8.4      3    1874
Waiting:        0    3   8.3      2    1873
Total:          0    4   8.4      3    1874

Percentage of the requests served within a certain time (ms)
  50%      3
  66%      4
  75%      4
  80%      5
  90%      6
  95%      7
  98%     11
  99%     15
 100%   1874 (longest request)

7.查看数据

[esadmin@oracle1 config]$ jps
60529 Logstash
45909 Elasticsearch
60743 Bootstrap
46155 Elasticsearch
61339 Jps
46351 Elasticsearch


sspu-filebeat-2024.06.30 green open 3 1 9779 9.6mb

戒掉贪嗔痴(薛双奇)
关注
  • 3
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
2021最新版7.X => filebeat+logstash+ES集群+kibana实战.txt
08-21
filebeat+logstash+ES集群+kibana实战.txt
tomcat集群部署.
02-26
统一的日志管理系统,如Logstash+Elasticsearch+Kibana,便于排查问题。 9. **优化**: 根据实际负载调整Tomcat服务器的配置,如JVM内存大小、线程池大小等,确保性能最优。 以上就是关于“Tomcat集群部署”的...
tomcat 配置 logstash 日志收集
weixin_34335458的博客
12-13 264
tomcat 配置logstash日志收集 log4j.rootLogger=WARN, logstash, stdout, logfile log4j.appender.logstash=org.apache.log4j.net.SocketAppender log4j.appender.logstash.Port=456...
filebeat + logstash + es项目
登高~
01-20 1427
背景 对于部分生产上的日志无法像 Nginx 那样,可以直接将输出的日志转为 Json 格式 但是可以借助 Logstash 来将我们的 ”非结构化数据“,转为 "结构化数据"; logstash介绍 Logstash 的基础架构类似于 pipeline 流水线: Input:数据采集(常用插件:stdin、file、kafka、beat、http、) Filter:数据解析/转换(常用插件:grok、date、geoip、mutate、useragent) Output:数据输出 (常用插件:El
Filebeat+Logstash+Es+Kibana 搭建记录
weixin_42545702的博客
06-15 646
整体结构图 : 1服务器2台: 1.1 (121.40.165.59): Filebeat-6.3.2 Logstash-6.3.2 Kibana-6.3.2 1.2 (47.99.139.182): ES -6.3.2 2搭建: 2.1 Filebeat: 官网下载压缩包,解压在 /usr/local/filebeat 目录下, 编辑目录下 filebeat.yml 文件: filebeat.inputs: - type: tcp enabled: true max_message_size:
Logstash:用 Filebeat数据传入到 Logstash
热门推荐
Elastic 中国社区官方博客
09-10 1万+
在今天的讲座里,我们来讲述一下如何把Filebeat里的数据传入到Logstash之中。在做这个练习之前,我想信大家已经安装我之前的文章“如何安装Elastic栈中的Logstash”把Logstash安装好。 之前,我们介绍了一这样的一幅图: 如上图所示,我们可以直接把beats里的数据直接传入到Elasticsearch,也可以直接接入到Logstash之中。 数据采集流程: ...
tomcat7集群
07-29
日志的集中管理和分析也是必不可少的,Logstash、ELK(Elasticsearch、Logstash、Kibana)栈可以提供强大的日志处理能力。 7. **安全考虑**:在集群环境下,安全性更需重视。使用SSL/TLS进行通信,确保数据传输的...
Tomcat服务器集群和负载均衡
01-09
同时,对日志进行集中管理和分析,如使用ELK(Elasticsearch、Logstash、Kibana)堆栈。 8. **故障恢复**:设置故障转移策略,当某个节点出现故障时,确保请求能被正确地重定向到其他可用节点。 在实际操作中,...
一晚上搞定Tomcat集群
11-28
日志管理和分析也是必不可少的,可以使用集中式日志系统如Logstash、Elasticsearch和Kibana(ELK堆栈)。 10. **测试与优化**:完成配置后,务必进行详尽的测试,包括正常和异常情况,以确保系统的稳定性和可扩展性...
linux nginx tomcat 集群搭建
08-06
最后,为了监控和维护这个集群,我们需要安装日志管理和性能监控工具,如ELK(Elasticsearch、Logstash、Kibana)堆栈和Prometheus+Grafana,以便实时查看系统状态并快速定位问题。 总之,通过Linux、Nginx和Tomcat...
jackson-databind-2.9.8最新jar包
02-03
jackson-databind-2.9.8最新jar包
centOS7 运用filebeat+logstash+es+kibana
码农的专栏
10-24 2393
一、配置:logstash server 的配置文件 nano /etc/logstash/logstash.conf ################################## # Sample Logstash configuration for creating a simple # Beats -> Logstash -> Elasticsearch pipeline. input { beats { port => 5044 } } filter
filebeat-logstash-es综合运用
dark
02-21 2110
file_2_file inputs: 两个文件,一个标准输入流 outputs: 一个文件,一个标准输出流 file_2_file.conf input { stdin{} file{ path =&amp;amp;amp;amp;amp;amp;amp;gt; [&amp;amp;amp;amp;amp;amp;quot;/home/logstash/a_input_msg&amp;amp;amp;amp;a
logstash收集tomcat日志
testunit的专栏
01-11 1945
目录 简介 JULI 组件的Handler与Formatter 修改tomcat控制台日志 修改tomcat访问access日志修改为json格式 修改tomcat其他日志 简介 Tomcat 的内部日志使用 JULI 组件,这是一个 Apache Commons 日志的重命名的打包分支,默认被硬编码,使用 java.util.logging 架构。这能保证 Tomcat 内部日志与...
logstash 处理tomcat日志
weixin_30784945的博客
08-29 142
[root@dr-mysql01 tomcat]# cat logstash_tomcat.conf input { file { type => "zj_api" path => ["/data01/applog_backup/zjzc_log/zj-api*"] } ...
LogstashFilebeat安装与数据同步(+ES安装讲解)
lydms的博客
08-04 4725
Logstash安装、Filebeat安装、数据同步到ES
构建Logstash+tomcat镜像(让logstash收集tomcat日志)
weixin_33826609的博客
12-09 218
1、首先pull logstash镜像作为父镜像(logstash的Dockerfile在最下面): 2、构建my-logstash镜像,使其在docker镜像实例化时,可以使用自定义的logstash配置文件。 Dockerfile:   1 2 3 FROM logstash COPY logstash.conf /some/config-dir/ CMD ["-f", ...
Logstash 读取tomcat错误日志
架构师的成长之路的博客
04-16 5805
Logstash 读取tomcat错误日志分布式实战(干货)spring cloud 实战(干货)mybatis 实战(干货)spring boot 实战(干货)React 入门实战(干货)构建中小型互联网企业架构(干货)python 学习持续更新ElasticSearch 笔记概述最近搭建了elk日志分析系统、想读取一下tomcat的错误日志、但是一个异常由于换行总是分多次存储展示、导致不是很清...
ELK日志归集 - 搭建及使用说明文档V1.0.docx
最新发布
11-14
- **Logstash**:Logstash的强大在于它的数据处理能力,它可以解析多种格式的日志,应用过滤器进行数据转换,并将处理后的数据发送到Elasticsearch。 - **Elasticsearch**:作为分布式搜索引擎,Elasticsearch能够...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值