ELK即Elasticsearch、Logstash、Kibana,组合起来可以搭建线上日志系统,本文主要讲解使用ELK来收集SpringBoot应用产生的日志。
学习前需要了解的内容
开发者必备Docker命令使用Docker Compose部署SpringBoot应用SpringBoot应用中使用AOP记录接口访问日志docker pull elasticsearch:6.4.0 docker pull logstash:6.4.0 docker pull kibana:6.4.0 Copy to clipboardErrorCopied
搭建前准备elasticsearch 启动成功需要特殊配置,具体参考mall在Linux环境下的部署(基于Docker Compose)中的elasticsearch部分;
docker-compose.yml文件地址:https://github.com/macrozheng/mall-learning/blob/master/mall-tiny-elk/src/main/docker/docker-compose.yml logstash-springboot.conf
配置文件地址:https://github.com/macrozheng/mall-learning/blob/master/mall-tiny-elk/src/main/docker/logstash-springboot.conf
开始搭建创建一个存放logstash配置的目录并上传配置文件 logstash-springboot.conf文件内容
input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines } } output { elasticsearch { hosts => "es:9200" index => "springboot-logstash-%{+YYYY.MM.dd}" } }创建配置文件存放目录并上传配置文件到该目录
mkdir /mydata/logstash使用docker-compose.yml脚本启动ELK服务docker-compose.yml内容
version: '3' services: elasticsearch: image: elasticsearch:6.4.0 container_name: elasticsearch environment: - "cluster.name=elasticsearch" #设置集群名称为elasticsearch - "discovery.type=single-node" #以单一节点模式启动 - "ES_JAVA_OPTS=-Xms512m -Xmx512m" #设置使用jvm内存大小 volumes: - /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载 - /mydata/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载 ports: - 9200:9200 - 9300:9300 kibana: image: kibana:6.4.0 container_name: kibana links: - elasticsearch:es #可以用es这个域名访问elasticsearch服务 depends_on: - elasticsearch #kibana在elasticsearch启动之后再启动 environment: - "elasticsearch.hosts=http://es:9200" #设置访问elasticsearch的地址 ports: - 5601:5601 logstash: image: logstash:6.4.0 container_name: logstash volumes: - /mydata/logstash/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件 depends_on: - elasticsearch #kibana在elasticsearch启动之后再启动 links: - elasticsearch:es #可以用es这个域名访问elasticsearch服务 ports: - 4560:4560 Copy to clipboardErrorCopied 上传到linux服务器并使用docker-compose命令运行 docker-compose up -d注意:Elasticsearch启动可能需要好几分钟,要耐心等待。
在logstash中安装json_lines插件
docker exec -it logstash /bin/bash
cd /bin/
logstash-plugin install logstash-codec-json_lines
exit
访问地址:http://192.168.3.101:5601
添加配置文件logback-spring.xml让logback的日志输出到logstash 注意appender节点下的destination需要改成你自己的logstash服务地址,比如我的是:192.168.3.101:4560 。
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE configuration> <configuration> <include resource="org/springframework/boot/logging/logback/defaults.xml"/> <include resource="org/springframework/boot/logging/logback/console-appender.xml"/> <!--应用名称--> <property name="APP_NAME" value="mall-admin"/> <!--日志文件保存路径--> <property name="LOG_FILE_PATH" value="${LOG_FILE:-${LOG_PATH:-${LOG_TEMP:-${java.io.tmpdir:-/tmp}}}/logs}"/> <contextName>${APP_NAME}</contextName> <!--每天记录日志到文件appender--> <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>${LOG_FILE_PATH}/${APP_NAME}-%d{yyyy-MM-dd}.log</fileNamePattern> <maxHistory>30</maxHistory> </rollingPolicy> <encoder> <pattern>${FILE_LOG_PATTERN}</pattern> </encoder> </appender> <!--输出到logstash的appender--> <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender"> <!--可以访问的logstash日志收集端口--> <destination>192.168.3.101:4560</destination> <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/> </appender> <root level="INFO"> <appender-ref ref="CONSOLE"/> <appender-ref ref="FILE"/> <appender-ref ref="LOGSTASH"/> </root> </configuration>