ELK的一些记录

发布于 25 天前  33 次阅读

1.需要配置自定义索引:

vi  www/elk/logstash/conf/logstash-filebeat.conf

按i编辑,ESC退出编辑,:wq保存

input {
    # 来源beats
    beats {
        # 端口
        port => "5044"
    }
}
# 分析、过滤插件,可以多个
filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    geoip {
        source => "clientip"
    }
    mutate {
        add_field => {"appname" => "yixiu"}
        add_field => {"env" => "dev"}
    }
}
output {
    # 选择elasticsearch
    elasticsearch {
        hosts => ["http://es-master:9200"]
        index => "%{appname}-%{env}-%{+YYYY.MM.dd}"
    }
}

2.logback-spring.xml配置:
需要配置{"appname":"yixiu","servicename":"${spring.application.name}","env":"prod"}

3.需要增加依赖:
implementation("net.logstash.logback:logstash-logback-encoder:6.6")

4.需要增加nacos配置:
logging:
config: classpath:logback-spring.xml

啊~~~~~~~~~
最后更新于 2025-08-21
啥也没有呀