ELK 6.8.3 安装与配置(Windows)
🏷️ ELK
可以在 Elasticsearch 下载中心 下载对应版本的 Elasticsearch、Logstash 和 Kibana 。
这里使用的都是 6.8.3 版本。
SpringBoot
直接发送日志到 logstash 地址
pom.xml
xml
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>6.1</version>
</dependency>logback-spring.xml
xml
<!--输出到 logstash的 appender-->
<appender name="logstash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>${logstash.url}:4560</destination>
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<root level="info">
<appender-ref ref="logstash" />
</root>
${logstash.url}表示从环境变量中获取对应(logstash.url)的值。
InvalidFrameProtocolException: Invalid Frame Type, received: 83
在 Logstash 收到请求时,启动窗口会显示如下异常。
java
[2020-07-13T13:32:09,038][INFO ][org.logstash.beats.BeatsHandler] [local: 172.0.0.11:4560, remote: 172.0.0.11:57621] Handling exception: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 83
[2020-07-13T13:32:09,039][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 83后来发现是由于配置文件写错了。 Input 的类型应该为 tcp,结果我从默认的配置文件 logstash-sample.conf 复制过来后忘记修改了(默认 Input 类型是 beats)。
Could not create an Appender of type [net.logstash.logback.appender.LogstashTcpSocketAppender]
这个错误是在 SpringBoot Application 启动时报的,应该也是由于上面 Logstash 的配置错误导致的。
java
> java.lang.IllegalStateException: Logback configuration error detected:
ERROR in ch.qos.logback.core.joran.action.AppenderAction - Could not create an Appender of type [net.logstash.logback.appender.LogstashTcpSocketAppender]. ch.qos.logback.core.util.DynamicClassLoadingException: Failed to instantiate type net.logstash.logback.appender.LogstashTcpSocketAppender
ERROR in ch.qos.logback.core.joran.spi.Interpreter@48:95 - ActionException in Action for tag [appender] ch.qos.logback.core.joran.spi.ActionException: ch.qos.logback.core.util.DynamicClassLoadingException: Failed to instantiate type net.logstash.logback.appender.LogstashTcpSocketAppender
ERROR in ch.qos.logback.core.joran.action.AppenderRefAction - Could not find an appender named [logstash]. Did you define it below instead of above in the configuration file?
ERROR in ch.qos.logback.core.joran.action.AppenderRefAction - See http://logback.qos.ch/codes.html#appender_order for more details.Logstash
配置 logstash 接收日志并导出到 Elasticsearch
logstash-sv.conf
js
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
}
}
output {
elasticsearch {
hosts => ["http://172.0.0.11:9200"]
index => "server-log-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}Kibans
安装 Kibana 并关联到 Elasticsearch 。
kibana.yml
默认的 server.host 值为 localhost ,通过 ip 地址无法访问。
yml
server.host: "172.0.0.11"
elasticsearch.hosts: ["http://172.0.0.11:9200"]配置 Kibana
在 Management => Kibana => Index Patterns 配置索引名 server-log-* (支持通配符)