1、环境搭建
前提条件:请自行安装docker以及docker-compose环境
version: '3'
services:
elasticsearch:
image: elasticsearch:7.14.0
container_name: elasticsearch
ports:
- "9200:9200"
- "9300:9300"
environment:
# 以单一节点模式启动
discovery.type: single-node
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
kibana:
image: kibana:7.14.0
container_name: kibana
environment:
I18N_LOCALE: zh-CN
ELASTICSEARCH_HOSTS: http://elasticsearch:9200
ports:
- 5601:5601
logstash:
image: logstash:7.14.0
container_name: logstash
ports:
- 4560:4560
- 9600:9600
privileged: true
environment:
- TZ=Asia/Shanghai
volumes:
- ./logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
depends_on:
- elasticsearch
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
其中:logstash.conf配置文件如下:
input {
tcp {
#模式选择为server
mode => "server"
#ip和端口根据自己情况填写,端口默认4560
host => "0.0.0.0"
port => 4560
#格式json
codec => json_lines
}
}
output {
elasticsearch {
action => "index"
#这里是es的地址,多个es要写成数组的形式
hosts => "127.0.0.1:9200"
#用于kibana过滤,可以填项目名称
index => "app-logstash-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
2、用法
首先,引入pom
<!--集成logstash-->
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>6.6</version>
</dependency>
其次,在logback.xml添加如下信息:
<appender name="stash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<!-- 这是是logstash服务器地址 端口-->
<destination>127.0.0.1:4560</destination>
<!--输出的格式,推荐使用这个-->
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
<providers>
<timestamp>
<timeZone>Asia/Shanghai</timeZone>
</timestamp>
<!--自定义日志输出格式-->
<pattern>
<pattern>
{
"project": "app-java-logstash",
"level": "%level",
"service": "${APP_NAME:-}",
"class": "%logger",
"message": "[%X{sessionId}] [%X{traceId}] %class:%line %message",
"thread": "%thread",
"classLine":"%class:%line"
}
</pattern>
</pattern>
</providers>
</encoder>
</appender>
<root level="info">
<appender-ref ref="stash"/>
</root>
3、访问地址
http://127.0.0.1:5601/app/home
4、创建索引模式
