如何在ubuntu中使用弹性堆栈监控tomcat日志
我正在使用以下参考链接将tomcat8日志配置到弹性堆栈仪表板:https://logz.io/blog/apache-tomcat-monitoring/
我使用的是ubuntu18.04服务器,安装了tomcat8,并配置了logstash.conf文件和filebeat文件,但日志没有显示在kibana仪表板中
您能更新一下如何配置此场景吗?
Here is my filebeat.yml file
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/tomcat8/localhost_access_log.2019-09-11.txt
- /var/log/tomcat8/catalina.out.1
- /var/log/tomcat8/catalina.out
#------------- Logstash output ------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
enter code here这是我的.conf文件
input {
beats {
port => 5044
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
geoip {
source => "localhost"
}
output {
elasticsearch {
hosts => ["172.17.5.106:9200"]
}
curl -X GET "localhost:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .monitoring-kibana-6-2019.09.11 gbOahp_KS56HZfeSVt0sgQ 1 0 8639 0 2mb 2mb
green open .monitoring-es-6-2019.09.08 NmS7exwcQA-OTgAxVWtQBA 1 0 103690 40 38.1mb 38.1mb
green open .monitoring-kibana-6-2019.09.08 JnOFYqNZRceaj5GA6WmL4Q 1 0 8639 0 1.9mb 1.9mb
green open .monitoring-es-6-2019.09.11 CXhPOf6xSDiG9bnGs58SEQ 1 0 155586 84 62.4mb 62.4mb
green open .monitoring-es-6-2019.09.12 RyhD98zwTVKPvl1BzDECug 1 0 64468 160 27.6mb 27.6mb
green open .monitoring-es-6-2019.09.09 VUIiK99ESdaGMoIOKzvstg 1 0 121067 80 47.1mb 47.1mb
green open .kibana_task_manager KnCr7PerTyeFmwcwz0IamA 1 0 2 0 12.6kb 12.6kb
green open .kibana_1 Lu5oH-BgSheJdAwKGXutqw 1 0 198 34 378kb 378kb
green open .monitoring-kibana-6-2019.09.07 te49nDoDQH2g12C3bOluvQ 1 0 8639 0 1.9mb 1.9mb
green open .monitoring-es-6-2019.09.10 ne6d71h1Ri2fJ2joOxV4Yw 1 0 138256 60 54.1mb 54.1mb
green open .monitoring-es-6-2019.09.07 I4Z0SlDjShabcVOl9oGJPQ 1 0 86414 42 31.6mb 31.6mb
green open .monitoring-kibana-6-2019.09.09 ruXbntBHTl6yrSkj0tormg 1 0 8640 0 2mb 2mb
green open .monitoring-kibana-6-2019.09.06 Go1pi-NhT8eVlKX2QgMMKA 1 0 3007 0 828.3kb 828.3kb
green open .monitoring-es-6-2019.09.06 oCgFiC1dRr-wjw0tdGxlRw 1 0 24058 28 9.8mb 9.8mb
green open .monitoring-kibana-6-2019.09.12 jr5nRZgtSAebP1jbCeQDxQ 1 0 3221 0 821.2kb 821.2kb
green open .monitoring-kibana-6-2019.09.10 seRLoCjXRtGU9U3ZiSl2Fw 1 0 8639 0 2mb 2mb这是我的/var/log/filebeat/filebeat文件
2019-09-11T17:12:04.655+0530信息监控日志/log.go:最近30s的144个非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:12:34.655+0530信息监控日志/log.go:最近30s的144个非零指标{“监控”:{“指标”:{“节拍”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:13:04.655+0530信息监控日志/log.go:144个最近30s非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:13:34.655+0530信息监控日志/log.go:144个最近30s非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:14:04.655+0530信息监控日志/log.go:14430s非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:14:34.655+0530信息监控日志/日志。go:最近30s非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:15:04.655+0530信息监控日志/log.go:144个最近30s非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$ 2019-09-11T17:15:34.655+0530信息监控日志/log.go:最近30秒144个非零指标{“监控”:{“指标”:{“节拍”:{“cpu”:{“系统”:{“ticks”:27$
这是我的/var/log/logstash/logstash-Pla.log文件
2019-09-08T00:00:13,284logstash.runner启动Logstash {"logstash.version"=>"6.8.3"} 2019-09-08T00:00:14,084logstash.agent无法执行操作{:action=>LogStash::PipelineAction::Create/pipeline_id:main,:exception=>" Logstash ::Config$ 2019-09-08T00:00:14,228logstash.agent成功启动Logstash API终结点{:port=>9600} 2019-09-08T00:00:19,281logstash.runner Logstash关闭。2019-09-08T00:00:49,251logstash.runner启动Logstash {"logstash.version"=>"6.8.3"}
回答 2
Stack Overflow用户
发布于 2019-09-17 03:13:10
您能确认完整的filebeat.yml配置吗?看起来您缺少filebeat输出部分。
您可以在logstash输出中查看您发布的logz.io链接或官方文档:https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html
output.logstash:
hosts: ["localhost:5044"]Stack Overflow用户
发布于 2019-09-19 01:44:24
根据Filebeat日志,它工作得很好。
但是在您的Logstash配置中,input {、date {、geoip {和output {缺少结束的}。我不太确定你的geoip过滤器--那个字段真的叫做localhost吗?为了简单起见,我会先删除这一部分,然后让其余部分先工作。
尝试以下配置:
input {
beats {
port => 5044
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
hosts => ["172.17.5.106:9200"]
}
}如果不起作用,请使用Logstash的新日志输出更新您的答案。
https://stackoverflow.com/questions/57871526
复制相似问题
腾讯云开发者
