ELK configuration for forwarding my application logs to Elasticsearch using Logstash

Time: 2019-06-11 11:57:47

Tags: elasticsearch elastic-stack elk

I am new to ELK configuration.

https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-16-04

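I have configured it on my local machine and it works fine. I want to forward my application log files to Elasticsearch using Filebeat and Logstash. After configuring everything, syslog works fine. But I am unable to store my application logs in Elasticsearch. Please help me.

Here is my log file: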

service.log

{"name":"service name", "hostname":"abc", "pid":4474, "userId":"123", "school_id":"123", "role":"student", "username":"mahi123", "serviceName":"loginService", "level":40, "msg":"successFully fetch trail log", "time":"2019-06-01T10:55:46.482Z","v":0}

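1 answer:

Answer 0: (score: 0)

Some troubleshooting steps to work through when logs are not reaching Elasticsearch:

  1. Check your log-parsing configuration file (usually created with the .conf extension). Make sure it has the correct path to scan the logs, the correct set of filters, etc. To see whether this .conf file actually works, you can try:

    logstash -f <elasticsearch.conf file path>

If it does not throw any errors on the console, you are good for now and should move on to the next step.

  2. Check whether the Kibana index has been created. Run:

    curl http://<hostipaddress or localhost>:9200/_cat/indices?v

If yes, go to Kibana Management and create the index pattern.

If not, check whether the system has enough free memory to serve Logstash and Elasticsearch. free -m will be very helpful once you start the Logstash and Elasticsearch services. Many times I have seen people try an ELK setup on a machine with insufficient memory (4GB sounds good for a standalone installation).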

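  3. Check that your Logstash and Elasticsearch services are up and running. If Elasticsearch goes down or restarts during log parsing or index creation, it is most likely due to a lack of system resources.

    -bash-4.2# systemctl status elasticsearch
    ● elasticsearch.service - Elasticsearch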
       Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2019-06-05 14:08:26 UTC; 1 weeks 0 days ago
         Docs: http://www.elastic.co
     Main PID: 1396 (java)
       CGroup: /system.slice/elasticsearch.service
               └─1396 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMS...

    Jun 05 14:08:26 cue-bldsvr4 systemd[1]: Started Elasticsearch.
    Jun 05 14:08:26 cue-bldsvr4 systemd[1]: Starting Elasticsearch...
    -bash-4.2# systemctl status logstash
    ● logstash.service - logstash
       Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2019-06-05 14:50:52 UTC; 1 weeks 0 days ago
     Main PID: 4320 (java)
       CGroup: /system.slice/logstash.service
               └─4320 /bin/java -Xms256m -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFrac...

    Jun 05 14:50:52 cue-bldsvr4 systemd[1]: Started logstash.
    Jun 05 14:50:52 cue-bldsvr4 systemd[1]: Starting logstash...
    Jun 05 14:51:08 cue-bldsvr4 logstash[4320]: Sending Logstash's logs to /var/log/logstash which is now configur...rties
    Hint: Some lines were ellipsized, use -l to show in full.
    -bash-4.2#
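
The index and memory checks from the answer above, turned into shell helpers that give a verdict instead of raw output. This is an added example, not part of the original answer; the function names, the index prefixes (filebeat-, applogs-) and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: offline helpers for the index and memory checks.
# Sample data is constructed; index prefixes are assumptions.

# index_status PREFIX: reads `_cat/indices?v` output on stdin and prints
#   ok (matching index holds documents), empty (0 docs) or missing.
# Columns are located by header name; assumes open indices (full rows).
index_status() {
    awk -v prefix="$1" '
        NR == 1 {
            for (i = 1; i <= NF; i++) {
                if ($i == "index")      ic = i
                if ($i == "docs.count") dc = i
            }
            next
        }
        ic && index($ic, prefix) == 1 { found = 1; docs += $dc }
        END { print (!found ? "missing" : (docs > 0 ? "ok" : "empty")) }'
}

# mem_available_mb: reads `free -m` output on stdin and prints the
# "available" value of the Mem: row (header has no label column, so +1).
mem_available_mb() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "available") col = i + 1 }
        $1 == "Mem:" && col { print $col }'
}

sample_indices() {   # constructed _cat/indices?v output
cat <<'EOF'
health status index               uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   filebeat-2019.06.11 CONSTRUCTED-UUID-00001   5   1        512            0    200.1kb        200.1kb
yellow open   applogs-2019.06.11  CONSTRUCTED-UUID-00002   5   1          0            0      1.2kb          1.2kb
EOF
}

sample_free() {      # constructed free -m output
cat <<'EOF'
              total        used        free      shared  buff/cache   available
Mem:           3789        3301         120          25         368         210
Swap:             0           0           0
EOF
}

# Live use: curl -s 'http://localhost:9200/_cat/indices?v' | index_status applogs-
#           free -m | mem_available_mb
```

An "empty" or "missing" result for the application index while the syslog index reports "ok" points back at the pipeline configuration from step 1 rather than at Elasticsearch itself.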