Linux服务端配置

创建文件夹，用来存放elk相关的数据

$ mkdir /data/elk

1

创建logstash配置文件：logstash-springboot.conf

$ touch /data/elk/logstash/logstash-springboot.conf

1

编辑logstash-springboot.conf文件，写入以下内容

input {

tcp {

mode => "server"

host => "0.0.0.0"

port => 4560

codec => json_lines

}

}

output {

elasticsearch {

hosts => "es:9200"

index => "springboot-logstash-%{+YYYY.MM.dd}"

}

创建docker-compose.yml文件

$ touch /data/elk/docker-compose.yml

1

编写docker-compose.yml文件，写入以下内容

version: '3'

services:

elasticsearch:

image: elasticsearch:7.6.2

container_name: elasticsearch

privileged: true

user: root

environment:

- "cluster.name=elasticsearch" #设置集群名称为elasticsearch

- "discovery.type=single-node" #以单一节点模式启动

- "ES_JAVA_OPTS=-Xms512m -Xmx512m" #设置使用jvm内存大小

volumes:

- /data/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载

- /data/elk/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载

ports:

- 9200:9200

- 9300:9300

logstash:

image: logstash:7.6.2

container_name: logstash

privileged: true

environment:

- TZ=Asia/Shanghai

volumes:

- /data/elk/logstash/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件

depends_on:

- elasticsearch #logstash在elasticsearch启动之后再启动

links:

- elasticsearch:es #可以用es这个域名访问elasticsearch服务

ports:

- 4560:4560

kibana:

image: kibana:7.6.2

container_name: kibana

privileged: true

links:

- elasticsearch:es #可以用es这个域名访问elasticsearch服务

depends_on:

- elasticsearch #kibana在elasticsearch启动之后再启动

environment:

- "elasticsearch.hosts=http://es:9200" #设置访问elasticsearch的地址

ports:

- 5601:5601

在docker-compose.yml所在目录执行启动命令

$ docker-compose up -d

1

如果Elasticsearch启动报错，/usr/share/elasticsearch/data下的文件无权限，请给宿主机挂载的/data/elk/elasticsearch/data赋予权限：

$ chmod 777 /data/elk/elasticsearch/data

1

遇到错误时先关闭并删除容器

$ docker-compose down

1

在logstash中安装json_lines插件

# 进入logstash容器

docker exec -it logstash /bin/bash

# 进入bin目录

cd /bin/

# 安装插件

logstash-plugin install logstash-codec-json_lines

# 退出容器

exit

# 重启logstash服务

docker restart logstash

客户端配置

注意：本例应用服务是基于springboot开发的项目。

在pom.xml中引入依赖

<!--集成logstash-->

<dependency>

<groupId>net.logstash.logback</groupId>

<artifactId>logstash-logback-encoder</artifactId>

<version>5.3</version>

</dependency>

在resources文件夹下增加 logback-spring.xml文件，并写入以下内容

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE configuration>

<configuration>

<include resource="org/springframework/boot/logging/logback/defaults.xml"/>

<include resource="org/springframework/boot/logging/logback/console-appender.xml"/>

<!--应用名称-->

<property name="APP_NAME" value="springboot-logback-elk-demo"/>

<!--日志文件保存路径-->

<property name="LOG_FILE_PATH" value="${LOG_FILE:-${LOG_PATH:-${LOG_TEMP:-${java.io.tmpdir:-/tmp}}}/logs}"/>

<contextName>${APP_NAME}</contextName>

<!--每天记录日志到文件appender-->

<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">

<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">

<fileNamePattern>${LOG_FILE_PATH}/${APP_NAME}-%d{yyyy-MM-dd}.log</fileNamePattern>

<maxHistory>30</maxHistory>

</rollingPolicy>

<encoder>

<pattern>${FILE_LOG_PATTERN}</pattern>

</encoder>

</appender>

<!--输出到logstash的appender-->

<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">

<!--可以访问的logstash日志收集端口-->

<destination>192.168.0.150:4560</destination>

<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>

</appender>

<root level="INFO">

<appender-ref ref="CONSOLE"/>

<appender-ref ref="FILE"/>

<appender-ref ref="LOGSTASH"/>

</root>

</configuration>

192.168.0.150:4560为我本机logstash的ip和端口，请自行设置。

重新启动项目后，项目输出的日志都会被收集到elk中。