1. Overview
In this quick tutorial, we’ll discuss, step by step, how to send out application logs to the Elastic Stack (ELK).
In an earlier article, we focused on setting up the Elastic Stack and sending JMX data into it.
2. Configure Logback
Let’s start by configuring Logback to write app logs into a file using a FileAppender:
<appender name="STASH" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>logback/redditApp.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
        <fileNamePattern>logback/redditApp.%d{yyyy-MM-dd}.log</fileNamePattern>
        <maxHistory>7</maxHistory>
    </rollingPolicy>
    <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<root level="DEBUG">
    <appender-ref ref="STASH" />
</root>
Note that:
- We keep each day’s logs in a separate file by using RollingFileAppender with TimeBasedRollingPolicy
- We’ll keep old logs for only a week (7 days) by setting maxHistory to 7
Also, notice how we’re using the LogstashEncoder to do the encoding into a JSON format – which is easier to use with Logstash.
To make use of this encoder, we need to add the following dependency to our pom.xml:
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>4.11</version>
</dependency>
Finally, let’s make sure the app has permission to access the logging directory (a+rwx grants read, write and execute to every account on the host):
sudo chmod a+rwx /var/lib/tomcat8/logback
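The a+rwx mode above gives every local account write access to the log directory. The script below is an added example, not part of the original tutorial: it reports entries that grant any access to "other" and tightens the tree to owner and group only, assuming the Tomcat account owns the directory and the Logstash account belongs to the directory's group.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumptions: the Tomcat account owns the log directory and the Logstash
# account belongs to the directory's group, so "other" needs no access.

# Print every entry under $1 (the directory included) that grants any
# permission bit to "other"; print nothing when the tree is clean.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when nothing under $1 is accessible to "other", 1 otherwise.
audit_log_dir() {
    [ -z "$(world_accessible "$1")" ]
}

# Owner: full access. Group: read and traverse, enough for Logstash to
# read the files. Other: nothing. The setgid bit on directories makes
# rolled-over files inherit the directory's group.
harden_log_dir() {
    find "$1" -type d -exec chmod 2750 {} + &&
    find "$1" -type f -exec chmod 640 {} +
}

# Constructed demo on a throwaway directory that stands in for
# /var/lib/tomcat8/logback.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/redditApp.log"
    chmod -R a+rwx "$d"                 # state left by the a+rwx command
    if audit_log_dir "$d"; then         # the audit must flag that state
        rm -rf "$d"; return 1
    fi
    harden_log_dir "$d"
    audit_log_dir "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "hardened: no access for other"
```

New log files take their mode from Tomcat's umask, so a umask of 027 keeps freshly rolled files passing the audit.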
3. Configure Logstash
Now, we need to configure Logstash to read data from the log files created by our app and send it to Elasticsearch.
Here is our configuration file logback.conf:
input {
    file {
        path => "/var/lib/tomcat8/logback/*.log"
        codec => "json"
        type => "logback"
    }
}
output {
    if [type]=="logback" {
        elasticsearch {
            hosts => [ "localhost:9200" ]
            index => "logback-%{+YYYY.MM.dd}"
        }
    }
}
Note that:
- The file input is used because this time Logstash reads logs from log files
- path is set to our logging directory, so all files with the .log extension will be processed
- index is set to a new index, “logback-%{+YYYY.MM.dd}”, instead of the default “logstash-%{+YYYY.MM.dd}”
To run Logstash with the new configuration, we’ll use:
bin/logstash -f logback.conf
4. Visualize Logs Using Kibana
We can now see our Logback data in the ‘logback-*’ index.
We’ll create a new search, ‘Logback logs’, that isolates the Logback data by using the following query:
type:logback
Finally, we can create a simple visualization of our Logback data:
- Navigate to the ‘Visualize’ tab
- Choose ‘Vertical Bar Chart’
- Choose ‘From Saved Search’
- Choose the ‘Logback logs’ search we just created
For Y-axis, make sure to choose Aggregation: Count
For X-axis, choose:
- Aggregation: Terms
- Field: level
After running the visualization, you should see multiple bars, each representing the count of logs for one level (DEBUG, INFO, ERROR, …).
5. Conclusion
In this article, we learned the basics of setting up Logstash in our system to push the log data it generates into Elasticsearch – and visualize that data with the help of Kibana.