项目上线都已经有一段了时间,新的功能在不断上,bug也随着时间慢慢浮现。令人差异的是,每次出现bug都是用户发现的,虽然开发迭代的版主里,一直都没有测试跟着我们走,但是让用户去发现bug实在有点说不过了。在项目初期我用backlog做了info,error文件切分,但是每次看日志都是要用head | more这些命令去看,而且效率也很慢。业界做日志处理都是用elk,自己从零开始琢磨到构建完成,一点点心得分享出来,也当作一次学习笔记。
logstash介绍
maven
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>4.7</version>
</dependency>
<appender name="logstash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>192.168.10.106:5200</destination>
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" />
</appender>
log.info("request={} clientIP={} executTime={} urlParams={} sourcesLog={} referer={} agent={}",
/* log.info("{} | {} | {} | {} | {} | {} |{}",
request.getRequestURI(),IpUtil.getIpAddr(request),executionTime,logstring.toString(),value,request.getHeader("Referer"),request.getHeader("User-Agent"));
*/
// {"message" => "%{URIPATH:request} %{IP:clientip} %{NUMBER:response:int} "%{WORD:sources}" (?:%{URI:referrer}|-) [%{GREEDYDATA:agent}]"}
log.info("{} {} {} "{}" {} [{}] {}",request.getRequestURI(),IpUtil.getIpAddr(request),executionTime,value,request.getHeader("Referer") == null
? "http://o.southgis.com" :request.getHeader("Referer") ,request.getHeader("User-Agent"),logstring);
}
filter {
grok {
match => {"message" => "%{URIPATH:request} %{IP:clientip} %{NUMBER:response:int} "%{WORD:sources}" (?:%{URI:referrer}|-) [%{GREEDYDATA:agent}] {%{GREEDYDATA:params}}"}
}
geoip {
source => ["clientip"]
database => "D:/java_software/logstash-5.6.3/config/GeoLite2-City.mmdb"
}
mutate {
remove_field => ["port","@version","level_value"]
}
}
input {
#file {
# path => "D:/idea/cloud/pybbs-master/log/info.log"
# start_position => "beginning" #从文件开始处读写
# }
stdin {}
tcp {
host => "localhost"
port => 9250
codec => json_lines
mode => "server"
}
}
filter {
grok {
match => {"message" => "%{URIPATH:request} %{IP:clientip} %{NUMBER:response:int} "%{WORD:sources}" (?:%{URI:referrer}|-) [%{GREEDYDATA:agent}] {%{GREEDYDATA:params}}"}
}
geoip {
source => ["clientip"]
database => "D:/java_software/logstash-5.6.3/config/GeoLite2-City.mmdb"
}
mutate {
remove_field => ["port","@version","level_value"]
}
}
output {
stdout { codec => rubydebug }
elasticsearch { hosts => "172.16.42.14:9200" } #输出到ES中。
elasticsearch {
hosts => [ "localhost:9200" ]
index => "pybbs"
document_type => "weblog"
}
}
