ELK收集java日志

由于elasticsearch本身产生的日志就是java日志,所以我们可以通过ELK平台直接收集elasticsearch日志

1.修改filebeat配置文件

[root@db01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:

- type: log
  enabled: true
  paths:
    -  /var/log/elasticsearch/elasticsearch.log
  tags: ["es"]
##开启多行匹配
  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after

setup.kibana:
  host: "172.16.210.53:5601"

output.elasticsearch:
  hosts: ["172.16.210.53:9200"]
  indices:
    - index: "es-java-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "es"

2.重启filebeat

[root@db01 ~]# systemctl restart filebeat

3.打开kibana界面添加展示数据

image.png image.png

点击discover查看数据

image.png