配置logstash收集java日志
0.默认已经安装了ELK,并已经成功运行。如需安装,请移步此处。
1.修改配置文件
#新建配置文件
sudo vim /etc/logstash/conf.d/java.conf
#添加以下配置
input{
file{
path=>"/var/log/elasticsearch/elasticsearch.log"
type => "elasticsearch-java-log"
start_position => "beginning"
stat_interval => "2"
codec => multiline
{
pattern => "^\["
negate => true
what => "previous"
}
}
}
output{
elasticsearch{
hosts =>["192.168.108.117:9200"]
index =>"elasticsearch-java-log-%{+YYYY.MM.dd}.log"
}
}
2.测试配置是否有语法错误
输入以下命令
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/java.conf -t
配置成功:
3.修改日志文件的权限为其他用户可读
.
sudo chmod 644 /var/log/elasticsearch/elasticsearch.log
4.重启logstash
sudo systemctl restart logstash
5.如果安装了elasticsearch-head,可以看到集群中多了一个分片。如要安装,请移步此处。