elk收集tomcat日志

时间:2023-03-09 02:35:55
elk收集tomcat日志 
1、elk收集tomcat普通日志:

只在logstash节点增加如下文件,重启logstash即可:

cat >>/home/logstash-6.3.0/config/tomcat_test.conf<<EOF

input {

     file {

        path => ["/usr/local/tomcat/logs/localhost_access_log.2019-02-12.txt"]

        type => "tomcat_log"

        start_position => "beginning"

codec => json

     }

}

filter {

date {

match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]

}

}

output {

elasticsearch {

        hosts => ["192.168.0.91:9200"]

        index => "tomcat-pc-%{+YYYY.MM.dd}"

    }

    stdout {

codec => rubydebug

    }

}

EOF

2、elk收集tomcat中catalina.out日志

只在logstash节点增加如下文件,重启logstash即可:

cat >>/home/logstash-6.3.0/config/tomcat_catalina.out.conf<<EOF

input {

     file {

        path => ["/usr/local/tomcat/logs/catalina.out"]

        type => "tomcat_log"

        start_position => "beginning"

codec => json

     }

}

filter {

date {

match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]

}

}

output {

elasticsearch {

        hosts => ["192.168.0.91:9200"]

        index => "tomcat-pc-%{+YYYY.MM.dd}"

    }

    stdout {

codec => rubydebug

    }

}

EOF

参照文档:

https://www.cnblogs.com/kakarott/p/8118906.html

相关文章