一键搭建elk

一键启动elk

1. 生成环境的脚本

setup.sh

bash 复制代码
#!/usr/bin/bash

# logstash enviroment
mkdir -p logstash
touch logstash/logstash.conf
# shellcheck disable=SC1078
echo '
input {
      tcp {
          mode => "server"
          host => "0.0.0.0"
          port => 4560
          codec => json
        }
}
output {
      elasticsearch {
          hosts => "es:9200"
          index => "logstash-%{+YYYY.MM.dd}"
      }
}
' > logstash/logstash.conf

# elasticsearch enviroment
mkdir -p elasticsearch/plugins
mkdir -p elasticsearch/data

touch docker-compose.yml
echo "
version: '3.7'
services:
        elasticsearch:
          image: elasticsearch:7.6.2
          container_name: elasticsearch
          privileged: true
          user: root
          environment:
            #设置集群名称为elasticsearch
            - cluster.name=elasticsearch
            #以单一节点模式启动
            - discovery.type=single-node
            #设置使用jvm内存大小
            - ES_JAVA_OPTS=-Xms512m -Xmx512m
          volumes:
            - $PWD/elasticsearch/plugins:/usr/share/elasticsearch/plugins
            - $PWD/elasticsearch/data:/usr/share/elasticsearch/data
          ports:
            - 9200:9200
            - 9300:9300

        logstash:
          image: logstash:7.6.2
          container_name: logstash
          ports:
             - 4560:4560
          privileged: true
          environment:
            - TZ=Asia/Shanghai
          volumes:
            #挂载logstash的配置文件
            - $PWD/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
          depends_on:
            - elasticsearch
          links:
            #可以用es这个域名访问elasticsearch服务
            - elasticsearch:es


        kibana:
          image: kibana:7.6.2
          container_name: kibana
          ports:
              - 5601:5601
          privileged: true
          links:
            #可以用es这个域名访问elasticsearch服务
            - elasticsearch:es
          depends_on:
            - elasticsearch
          environment:
            #设置访问elasticsearch的地址
            - elasticsearch.hosts=http://es:9200
"> docker-compose.yml

chmod 777 elasticsearch/data

生成的文件

2. 启动容器

bash 复制代码
docker-compose up

3. SpringBoot配置Logstash客户端

pom.xml添加logstash依赖

bash 复制代码
        <!--集成logstash-->
        <dependency>
            <groupId>net.logstash.logback</groupId>
            <artifactId>logstash-logback-encoder</artifactId>
            <version>6.6</version>
        </dependency>

logback-spring.xml。

注意配置logstash日志收集的ip:port

bash 复制代码
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration>
<configuration>
    <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
    <include resource="org/springframework/boot/logging/logback/console-appender.xml"/>
    <!--应用名称-->
    <property name="APP_NAME" value="springsecurity-jwt"/>
    <!--日志文件保存路径-->
    <property name="LOG_FILE_PATH" value="${LOG_FILE:-${LOG_PATH:-${LOG_TEMP:-${java.io.tmpdir:-/tmp}}}/logs}"/>
    <contextName>${APP_NAME}</contextName>
    <!--每天记录日志到文件appender-->
    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${LOG_FILE_PATH}/${APP_NAME}-%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>30</maxHistory>
        </rollingPolicy>
        <encoder>
            <pattern>${FILE_LOG_PATTERN}</pattern>
        </encoder>
    </appender>
    <!--输出到logstash的appender-->
    <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <!--可以访问的logstash日志收集端口-->
        <destination>localhost:4560</destination>
        <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
    </appender>
    <root level="INFO">
        <appender-ref ref="CONSOLE"/>
        <appender-ref ref="FILE"/>
        <appender-ref ref="LOGSTASH"/>
    </root>
</configuration>

测试类AppTest

bash 复制代码
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
public class AppTest {

    //创建日志对象
    Logger logger = LogManager.getLogger(this.getClass());

    @Test
    public void test1() {
        logger.info("logback的日志信息过来了");
        logger.error("logback的错误信息过来了");
    }
}

4. 运行效果

创建index



搜索日志

相关推荐
运维大师7 天前
【监控与可观测性】03-ELK日志体系搭建:从采集到告警的完整闭环
elk
c_zyer8 天前
一站式可观测新选择:OpenObserve 深度对标 ELK / Grafana+Prometheus / Netdata,附Docker一键部署实战
elk·grafana·prometheus·netdata·openobserve
至乐活着9 天前
ELK日志系统从零搭建到实战:Nginx日志采集与可视化全攻略
nginx·elk·elasticsearch·docker·日志系统
艾伦_耶格宇10 天前
【ELK】-2 ELK的搭建
运维·elk
创世宇图11 天前
【Python工程化实战】Python 服务的结构化日志体系:structlog + JSON 输出 + 日志分级策略
python·elk·structlog·结构化日志·可观测性
未若君雅裁1 个月前
日志采集与ELK:从本地日志到集中检索分析
运维·elk·jenkins
_codemonster1 个月前
Prometheus + Grafana + Alertmanager和ELK 栈(Elasticsearch + Logstash + Kibana)
elk·grafana·prometheus
Sean‘1 个月前
在隔离内网机器上使用 Filebeat 全量采集日志并推送到 ELK 的实战
运维·服务器·elk
Michaelwubo1 个月前
ELK案例
elk
YDS8291 个月前
DeepSeek RAG&MCP + Agent智能体项目 —— 集成ELK日志管理系统和Prometheus监控系统
java·elk·ai·springboot·agent·prometheus·deepseek