window10安装ELK8并记录springboot日志

目录

1.下载免安装包并解压：

2.安装和启动Elasticsearch

3.安装和启动Logstash 

4.安装和启动kibana 

5.SpringBoot推送日志

 6.操作kibana

7.远程数据源输入

---

1.下载免安装包并解压：

下载 Elastic 产品 | Elastic免费下载 Elasticsearch、Logstash、Kibana 和 Beats，分分钟上手使用 Elastic APM、Elastic App Search、Elastic Workplace Search 等服务。https://www.elastic.co/cn/downloads/

 

2.安装和启动Elasticsearch

修改elasticsearch.yml文件

  

1.  
   network.host: 127.0.0.1
2.  
   http.port: 9200
3.  
   http.cors.enabled: true
4.  
   http.cors.allow-origin: "*"
5.  
   ingest.geoip.downloader.enabled: false

启动：双击elasticsearch.bat

 首次启动控制台会出现账号密码：

 将账号密码保存到elasticsearch.yml中，防止以后忘记（个人习惯）

访问： https://localhost:9200/

 

 

3.安装和启动Logstash 

修改logstash.yml

1.  
   xpack.monitoring.enabled: true
2.  
   xpack.monitoring.elasticsearch.username: elastic
3.  
   xpack.monitoring.elasticsearch.password: N0A xc1-vUvLf _3s25J
4.  
   #xpack.monitoring.elasticsearch.proxy: ["http://proxy:port"]
5.  
   xpack.monitoring.elasticsearch.hosts: ["https://127.0.0.1:9200"]
6.  
   # an alternative to hosts username/password settings is to use cloud_id/cloud_auth
7.  
   #xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
8.  
   #xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password
9.  
   # another authentication alternative is to use an Elasticsearch API key
10.  
    #xpack.monitoring.elasticsearch.api_key: "id:api_key"
11.  
    xpack.monitoring.elasticsearch.ssl.certificate_authority: "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
12.  
    #xpack.monitoring.elasticsearch.ssl.truststore.path: path/to/file
13.  
    #xpack.monitoring.elasticsearch.ssl.truststore.password: password
14.  
    #xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
15.  
    #xpack.monitoring.elasticsearch.ssl.keystore.password: password
16.  
    xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
17.  
    xpack.monitoring.elasticsearch.sniffing: false

在文件夹下E:\elk\logstash-8.3.2\config下新建配置文件logstash.conf

 logstash.conf内容如下：（这里我们采用本地access.log文件作为数据源，第七步讲采用远程数据源）

1.  
   # logstash.conf 日志捕获从指定路径的 access.log 文件中获得
2.  
   # 输出到 es 的 "access-%{ YYYY.MM.dd}" 索引中，索引不存在则自动创建
3.  
   # 同时考虑到是 https 访问，需要配置 ssl
4.  
    
5.  
    
6.  
   input {
7.  
    
8.  
   file {
9.  
    
10.  
    type => "nginx_access"
11.  
     
12.  
    path => "E:/elk/logstash-8.3.2/logs/access.log"
13.  
     
14.  
    }
15.  
     
16.  
    }
17.  
     
18.  
    output {
19.  
     
20.  
    elasticsearch {
21.  
     
22.  
    hosts => ["https://127.0.0.1:9200"]
23.  
     
24.  
    index => "access-%{ YYYY.MM.dd}"
25.  
     
26.  
    user => "elastic"
27.  
     
28.  
    password => "N0A xc1-vUvLf _3s25J"
29.  
     
30.  
    ssl => true
31.  
     
32.  
    ssl_certificate_verification => true
33.  
     
34.  
    cacert => "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
35.  
    }
36.  
     
37.  
    stdout {
38.  
     
39.  
    codec => json_lines
40.  
     
41.  
    }
42.  
     
43.  
    }

启动logstash:打开cmd窗口cd到logstash的bin目录下执行命令：

logstash -f ./config/logstash.conf

4.安装和启动kibana 

为kibana单独创建一个elasticsearch账户（不能用elastic初始账户）

 在此处打开PowerShell窗口：执行

 ./elasticsearch-reset-password -u kibana_system

（记录下这个账号和密码，接下来的配置要用到） 

修改kibana.yml文件

1.  
   server.port: 5601
2.  
    
3.  
   server.host: "localhost"
4.  
   server.maxPayload: 1048576
5.  
    
6.  
   # The Kibana server's name. This is used for display purposes.
7.  
   server.name: "kibaba-host"
8.  
    
9.  
   elasticsearch.hosts: ["https://127.0.0.1:9200"]
10.  
     
11.  
    elasticsearch.username: "kibana_system"
12.  
    elasticsearch.password: "N0A xc1-vUvLf _3s25J"
13.  
     
14.  
    elasticsearch.pingTimeout: 1500
15.  
     
16.  
    elasticsearch.requestTimeout: 30000
17.  
     
18.  
    elasticsearch.ssl.certificateAuthorities: [ "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt" ]
19.  
     
20.  
    elasticsearch.ssl.verificationMode: certificate

启动：双击kibana.bat

访问：http://localhost:5601/

 

5.SpringBoot推送日志

依赖

1.  
   <dependency>
2.  
   <groupId>net.logstash.logback</groupId>
3.  
   <artifactId>logstash-logback-encoder</artifactId>
4.  
   <version>7.2</version>
5.  
   </dependency>

resources文件夹下新建配置文件logback-spring-dev.xml，内容如下

1.  
   <?xml version="1.0" encoding="UTF-8"?>
2.  
   <configuration>
3.  
   <include resource="org/springframework/boot/logging/logback/base.xml"/>
4.  
   <appender name="LOGSTASH2FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
5.  
   <append>true</append>
6.  
   <file>E:\elk\logstash-8.3.2\logs\access.log</file>
7.  
   <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
8.  
   <fileNamePattern>E:\elk\logstash-8.3.2\logs\access.%d{yyyyMMdd}.log</fileNamePattern>
9.  
   </rollingPolicy>
10.  
    <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
11.  
    </appender>
12.  
    <root level="INFO">
13.  
    <appender-ref ref="LOGSTASH2FILE"/>
14.  
    </root>
15.  
    </configuration>

在application-dev.xml中配置

1.  
   logging:
2.  
   config: classpath:logback-spring-dev.xml

 使用application的dev环境

 启动项目：

此时发现了access.log有数据了

 6.操作kibana

7.远程数据源输入

修改logstash.conf文件，添加了tcp的输入方式，另外为了区分之前的access.log数据源，修改elasticsearch的索引名称为springboot

1.  
   # logstash.conf 日志捕获从指定路径的 access.log 文件中获得
2.  
   # 输出到 es 的 "access-%{ YYYY.MM.dd}" 索引中，索引不存在则自动创建
3.  
   # 同时考虑到是 https 访问，需要配置 ssl
4.  
    
5.  
    
6.  
   input {
7.  
   # 输入方式一配置：暴露给远程TCP输入
8.  
   tcp{
9.  
   mode => "server"
10.  
    host => "127.0.0.1"
11.  
    port => 9061
12.  
    codec => json_lines
13.  
    }
14.  
    # 输入方式二配置：读取本地文件输入
15.  
    file {
16.  
    type => "nginx_access"
17.  
    path => "E:/elk/logstash-8.3.2/logs/access.log"
18.  
    }
19.  
     
20.  
    }
21.  
    # 输出配置：Elasticsearch相关配置
22.  
    output {
23.  
     
24.  
    elasticsearch {
25.  
     
26.  
    hosts => ["https://127.0.0.1:9200"]
27.  
     
28.  
    index => "springboot-%{ YYYY.MM.dd}"
29.  
     
30.  
    user => "elastic"
31.  
     
32.  
    password => "N0A xc1-vUvLf _3s25J"
33.  
     
34.  
    ssl => true
35.  
     
36.  
    ssl_certificate_verification => true
37.  
     
38.  
    cacert => "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
39.  
    }
40.  
     
41.  
    stdout {
42.  
     
43.  
    codec => json_lines
44.  
     
45.  
    }
46.  
     
47.  
    }

修改springboot项目的logback-spring-dev.xml文件

1.  
   <?xml version="1.0" encoding="UTF-8"?>
2.  
   <configuration>
3.  
   <include resource="org/springframework/boot/logging/logback/base.xml"/>
4.  
    
5.  
   <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
6.  
   <!--//logstash ip和暴露的端口，logback就是通过这个地址把日志发送给logstash-->
7.  
   <destination>127.0.0.1:9061</destination>
8.  
   <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
9.  
   </appender>
10.  
    <!--<appender name="LOGSTASH2FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">-->
11.  
    <!--<append>true</append>-->
12.  
    <!--<file>E:\elk\logstash-8.3.2\logs\access.log</file>-->
13.  
    <!--<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">-->
14.  
    <!--<fileNamePattern>E:\elk\logstash-8.3.2\logs\access.%d{yyyyMMdd}.log</fileNamePattern>-->
15.  
    <!--</rollingPolicy>-->
16.  
    <!--<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>-->
17.  
    <!--</appender>-->
18.  
    <root level="INFO">
19.  
    <appender-ref ref="LOGSTASH"/>
20.  
    <appender-ref ref="CONSOLE"/>
21.  
    <!--<appender-ref ref="LOGSTASH2FILE"/>-->
22.  
    </root>
23.  
    </configuration>

重启Elasticsearch 、 Logstash、Kibana、SpringBoot；注意启动顺序 。

进入：http://localhost:5601/

这篇好文章是转载于：学新通技术网