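Collecting JSON-format Tomcat logs with Filebeat

The web servers most commonly used in companies are nginx and Tomcat. Tomcat also has an access log whose output is similar to nginx's, so we likewise configure Tomcat to write its access log in JSON format and then use Filebeat to collect and display it.

1. Deploy Tomcat

1.1. Deploy Tomcat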

1. Install Java

    [root@nginx02 ~]# yum -y install java

2. Install Tomcat

    [root@nginx02 ~]# mkdir /data
    [root@nginx02 ~]# tar xf apache-tomcat-8.5.53.tar.gz -C /data
    [root@nginx02 /data]# cd /data/
    [root@nginx02 /data]# mv apache-tomcat-8.5.53 tomcat

3. Start Tomcat

    [root@nginx02 /tomcat]# ./bin/startup.sh
    Using CATALINA_BASE:   /data/apache-tomcat-8.5.53
    Using CATALINA_HOME:   /data/apache-tomcat-8.5.53
    Using CATALINA_TMPDIR: /data/apache-tomcat-8.5.53/temp
    Using JRE_HOME:        /usr
    Using CLASSPATH:       /data/apache-tomcat-8.5.53/bin/bootstrap.jar:/data/apache-tomcat-8.5.53/bin/tomcat-juli.jar
    Tomcat started.

4. Access Tomcat

1.2. Modify the Tomcat configuration file to output logs in JSON format

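1. Edit the configuration. Inside server.xml the double quotes of the JSON pattern must be written as &quot;, because the pattern attribute itself is delimited by double quotes.

    [root@nginx02 /data/tomcat]# vim conf/server.xml
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                   prefix="localhost_access_log" suffix=".txt"
                   pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>

2. Restart Tomcat (if it is already running, stop it first with ./bin/shutdown.sh)

    [root@nginx02 /data/tomcat]# ./bin/startup.sh
    Using CATALINA_BASE:   /data/apache-tomcat-8.5.53
    Using CATALINA_HOME:   /data/apache-tomcat-8.5.53
    Using CATALINA_TMPDIR: /data/apache-tomcat-8.5.53/temp
    Using JRE_HOME:        /usr
    Using CLASSPATH:       /data/apache-tomcat-8.5.53/bin/bootstrap.jar:/data/apache-tomcat-8.5.53/bin/tomcat-juli.jar
    Tomcat started.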

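1.3. View the Tomcat logs

The Tomcat logs are in the logs directory.

The two most important logs are catalina.out and localhost_access_log.

The JSON change made above only takes effect for the access log.

The access log is now in JSON format.

A JSON parsing tool can parse it as well.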
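An added example (not from the original article): a Python check that every access-log line is valid JSON and carries exactly the keys of the pattern configured in 1.2. That pattern builds the JSON by plain substitution, so a logged value that is written with an unescaped double quote yields a line that no longer parses; the sample lines and the names check_line and audit are constructed for illustration.

```python
import json

# Keys defined by the AccessLogValve pattern in conf/server.xml.
EXPECTED_KEYS = {
    "clientip", "ClientUser", "authenticated", "AccessTime", "method",
    "status", "SendBytes", "Query?string", "partner", "AgentVersion",
}

class _Pairs(list):
    """Marks a decoded JSON object so repeated keys stay visible."""

def check_line(line):
    """Return the problems found in one access-log line (empty list = OK)."""
    try:
        pairs = json.loads(line, object_pairs_hook=_Pairs)
    except json.JSONDecodeError as exc:
        return ["invalid JSON: " + exc.msg]
    if not isinstance(pairs, _Pairs):
        return ["not a JSON object"]
    keys = [k for k, _ in pairs]
    # A plain json.loads() keeps only the last value of a repeated key.
    found = {
        "duplicate keys": {k for k in keys if keys.count(k) > 1},
        "missing keys": EXPECTED_KEYS - set(keys),
        "unexpected keys": set(keys) - EXPECTED_KEYS,
    }
    return [f"{label}: {', '.join(sorted(ks))}" for label, ks in found.items() if ks]

def audit(lines):
    """Return (line_number, problems) for every line that fails the check."""
    checked = ((n, check_line(line.strip())) for n, line in enumerate(lines, 1))
    return [(n, p) for n, p in checked if p]

# Constructed sample lines (not taken from a real log).
_TEMPLATE = ('{"clientip":"127.0.0.1","ClientUser":"-","authenticated":"-",'
             '"AccessTime":"[20/Jan/2021:10:00:00 +0800]","method":"GET / HTTP/1.0",'
             '"status":"200","SendBytes":"11215","Query?string":"","partner":"-",'
             '"AgentVersion":"%s"}')
SAMPLE = [
    _TEMPLATE % "ApacheBench/2.3",               # well-formed
    _TEMPLATE % 'my "custom" client',            # unescaped quote in a header value
    '{"clientip":"127.0.0.1","status":"200"}',   # written by a different pattern
]

if __name__ == "__main__":
    for n, problems in audit(SAMPLE):
        print(n, problems)
```

On the Filebeat side, setting json.add_error_key: true adds an error key to events whose line could not be decoded, so such lines can be found in Elasticsearch.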

2.1. Configure Filebeat to collect the Tomcat logs

A vim tip: in insert mode, ctrl+p completes the current word; in command mode, to delete the content between two double quotes, press d, i, " in sequence.

1. Configure Filebeat to collect the Tomcat logs

    [root@nginx02 ~]# vim /etc/filebeat/filebeat.yml
    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        # Use a wildcard for localhost_access_log, because a new file is created every day
        - /data/tomcat/logs/localhost_access_log.*
      json.keys_under_root: true
      json.overwrite_keys: true
      tags: ["tomcat"]

    output.elasticsearch:
      hosts: ["192.168.81.210:9200"]
      indices:
        - index: "tomcat-access-%{+yyyy.MM.dd}"
          when.contains:
            tags: "tomcat"

2. Restart Filebeat

    [root@nginx02 ~]# systemctl restart filebeat

2.2. Use the ab load-testing tool to generate 1000 lines of Tomcat log

    [root@nginx02 ~]# yum -y install httpd-tools
    [root@nginx02 ~]# ab -c 100 -n 1000 http://127.0.0.1:8080/
    [root@nginx02 ~]# wc -l /data/tomcat/logs/localhost_access_log.2021-01-20.txt
    1000 /data/tomcat/logs/localhost_access_log.2021-01-20.txt

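2.3. Check whether Elasticsearch has received the logs

The index has been created and 1000 log entries have been collected.

3. Associate the Elasticsearch index in Kibana and query the data

3.1. Associate the Elasticsearch index

Management --- Index Patterns --- Create index pattern

The association succeeded.

3.2. View the collected Tomcat logs

Click Discover, select the tomcat index, and query according to your own conditions.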