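Reposted from: Collecting Java logs with ELK https://www.jianshu.com/p/957e8ead3f8d
Because the logs that Elasticsearch itself produces are Java logs, we can collect the Elasticsearch logs directly through the ELK platform.
1. Modify the filebeat configuration file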
[root@db01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/elasticsearch/elasticsearch.log
  tags: ["es"]
  ## Enable multiline matching
  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after
setup.kibana:
  host: "172.16.210.53:5601"
output.elasticsearch:
  hosts: ["172.16.210.53:9200"]
  indices:
    - index: "es-java-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "es"
2. Restart filebeat
[root@db01 ~]# systemctl restart filebeat
3. Open the Kibana interface and add the data to display
Click Discover to view the data
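How the multiline settings from step 1 fold a Java stack trace into the event of the log line that precedes it, as an added example (not part of the original post and not Filebeat's own code). The log lines are constructed, and group_multiline is a hypothetical helper that models only match: after; max_lines stands for Filebeat's multiline.max_lines option (default 500).

```python
import re

# Constructed sample in the style of elasticsearch.log (not from a real host).
SAMPLE_LOG = """\
[2019-06-01T10:00:01,123][INFO ][o.e.n.Node] [node-1] starting ...
[2019-06-01T10:00:05,456][WARN ][o.e.b.BootstrapChecks] [node-1] check failed
java.lang.IllegalStateException: constructed example exception
\tat org.example.Demo.run(Demo.java:42)
\tat org.example.Demo.main(Demo.java:10)
Caused by: java.io.IOException: constructed cause
\t... 2 more
[2019-06-01T10:00:06,789][INFO ][o.e.n.Node] [node-1] started
"""


def group_multiline(lines, pattern=r"^\[", negate=True, max_lines=500):
    """Simplified model of Filebeat multiline with match: after.

    With negate=True a line that does NOT match `pattern` is a continuation
    and is appended to the event in progress; a matching line opens a new one.
    Lines beyond max_lines in one event are discarded.
    """
    regex = re.compile(pattern)
    events, current = [], []
    for line in lines:
        matched = regex.search(line) is not None
        is_continuation = (not matched) if negate else matched
        if current and is_continuation:
            if len(current) < max_lines:
                current.append(line)
            continue
        if current:
            events.append("\n".join(current))
        current = [line]  # the first line read always opens an event
    if current:
        events.append("\n".join(current))
    return events


if __name__ == "__main__":
    for number, event in enumerate(group_multiline(SAMPLE_LOG.splitlines()), 1):
        print(f"--- event {number} ---")
        print(event)
```

Without the three multiline lines, each "at ..." line of the trace would be shipped as its own document and could not be searched together with the WARN line that produced it.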