一、logstash安装
logstash作为kafka日志的消费者
1、将文件上传到服务器/home/tools路径下
tar -zxvf logstash-7.4.2.tar.gz -C /usr/local/
进入/usr/local/logstash-7.4.2,查看文件
2、创建script文件夹
文件文件logstash-script.conf
## multiline 插件也可以用于其他类似的堆栈式信息,比如linux的内核日志
input {
## 订阅kafka的所有app-log-开头和error-log-开头的主题
kafka {
## app-log-服务名称
topics_pattern => "app-log-.*"
bootstrap_servers => "47.xx.xx.120:9092"
codec => json
consumer_threads => 1 ##增加consumer的并行消费线程数
decorate_events => true
# auto_offset_rest => "latest"
group_id => "app-log-group"
}
kafka {
## error-log-服务名称
topics_pattern => "error-log-.*"
bootstrap_servers => "47.xx.xx.120:9092"
codec => json
consumer_threads => 1
decorate_events => true
# auto_offset_rest => "latest"
group_id => "error-log-group"
}
}
## 收到数据后,对数据进行过滤
filter {
## 时区转换
ruby {
code => "event.set(‘index_time‘,event.timestamp.time.localtime.strftime(‘%Y.%m.%d‘))"
}
if "app-log" in [fields][logtopic]{
grok {
## [表达式]
match => ["message","\[%NOTSPACE:currentDateTime}\] \[%{NOTSPACE:level}\] \[%NOTSPACE:thread-id}\] \[%NOTSPACE:class}\] \[%NOTSPACE:hostName}\] \[%NOTSPACE:ip}\] \[%NOTSPACE:applicationName}\] \[%NOTSPACE:location}\] \[%NOTSPACE:messageInfo}\] ## (\‘\‘|%{QUOTEDSTRING:throwable})"]
}
}
if "error-log" in [fields][logtopic]{
grok {
## [表达式]
match => ["message","\[%NOTSPACE:currentDateTime}\] \[%{NOTSPACE:level}\] \[%NOTSPACE:thread-id}\] \[%NOTSPACE:class}\] \[%NOTSPACE:hostName}\] \[%NOTSPACE:ip}\] \[%NOTSPACE:applicationName}\] \[%NOTSPACE:location}\] \[%NOTSPACE:messageInfo}\] ## (\‘\‘|%{QUOTEDSTRING:throwable})"]
}
}
}
## 输出到控制台
output {
stdout { codec => rubydebug }
}
3、logstash配置文件
1) logstash配置文件: /config/logstash.yml
2) JVM 参数文件: /config/jvm.options logstash是很吃内存的,如果是8G的内存,可以配置为6G。我这里是测试使用,配置256M
-Xms256m
-Xmx256m
如果使用了对外内存,建议配置60%,如果是8G,配置为4G
3) 日志格式配置文件: log4j2.properties
4) 制作Linux服务参数: /config/setartup.options
5) pipelines.yml
增加workers工作线程数 可以有效的提升logstash性能
pipeline.workers: 16
启动 logsstash
/usr/local/logstash-7.4.2/bin/logstash -f /usr/local/logstash-7.4.2/script/logstash-script.conf &
4、访问
http://118.xx.xx.101:8001/index
查看logstash日志
ogstash-0, groupId=app-log-group] Discovered group coordinator 47.xx.xx.120:9092 (id: 2147483647 rack: null)
/usr/local/logstash-7.4.2/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"message" => "[2021-01-14T16:15:04.342+08:00] [WARN] [http-nio-8001-exec-2-19] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,21,com.example.collectlog.IndexController,index] [这是一条warn日志] ## ‘‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"architecture" => "x86_64",
"name" => "VM_0_13_centos",
"os" => {
"platform" => "centos",
"kernel" => "3.10.0-862.el7.x86_64",
"codename" => "Core",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"file" => {
"path" => "/home/files/wars/logs/error-collect.log"
},
"offset" => 504
},
"@timestamp" => 2021-01-14T08:15:07.038Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "error-log-collect",
"evn" => "dev"
}
}
{
"message" => "[2021-01-14T16:15:04.342+08:00] [INFO] [http-nio-8001-exec-2-19] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,20,com.example.collectlog.IndexController,index] [这是一条info日志] ## ‘‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"architecture" => "x86_64",
"name" => "VM_0_13_centos",
"os" => {
"kernel" => "3.10.0-862.el7.x86_64",
"codename" => "Core",
"platform" => "centos",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"file" => {
"path" => "/home/files/wars/logs/app-collect.log"
},
"offset" => 18213
},
"@timestamp" => 2021-01-14T08:15:07.097Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "app-log-collect",
"evn" => "dev"
}
}
{
"message" => "[2021-01-14T16:15:04.342+08:00] [WARN] [http-nio-8001-exec-2-19] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,21,com.example.collectlog.IndexController,index] [这是一条warn日志] ## ‘‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"name" => "VM_0_13_centos",
"os" => {
"platform" => "centos",
"kernel" => "3.10.0-862.el7.x86_64",
"codename" => "Core",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"architecture" => "x86_64",
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"file" => {
"path" => "/home/files/wars/logs/app-collect.log"
},
"offset" => 18464
},
"@timestamp" => 2021-01-14T08:15:07.097Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "app-log-collect",
"evn" => "dev"
}
}
{
"message" => "[2021-01-14T16:15:04.345+08:00] [ERROR] [http-nio-8001-exec-2-19] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,22,com.example.collectlog.IndexController,index] [这是一条error日志] ## ‘‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"architecture" => "x86_64",
"name" => "VM_0_13_centos",
"os" => {
"platform" => "centos",
"kernel" => "3.10.0-862.el7.x86_64",
"codename" => "Core",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"file" => {
"path" => "/home/files/wars/logs/error-collect.log"
},
"offset" => 755
},
"@timestamp" => 2021-01-14T08:15:07.038Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "error-log-collect",
"evn" => "dev"
}
}
{
"message" => "[2021-01-14T16:15:04.345+08:00] [ERROR] [http-nio-8001-exec-2-19] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,22,com.example.collectlog.IndexController,index] [这是一条error日志] ## ‘‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"name" => "VM_0_13_centos",
"architecture" => "x86_64",
"os" => {
"platform" => "centos",
"kernel" => "3.10.0-862.el7.x86_64",
"codename" => "Core",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"file" => {
"path" => "/home/files/wars/logs/app-collect.log"
},
"offset" => 18715
},
"@timestamp" => 2021-01-14T08:15:07.097Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "app-log-collect",
"evn" => "dev"
}
}
访问err接口http://118.xx.xx.101:8001/err,logstash输出如下
{
"message" => "[2021-01-14T16:28:35.808+08:00] [ERROR] [http-nio-8001-exec-6-23] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,32,com.example.collectlog.IndexController,err] [除0异常] ## ‘ java.lang.ArithmeticException: / by zero\n\tat com.example.collectlog.IndexController.err(IndexController.java:30)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:498)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:197)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:141)\n\tat org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:894)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)\n\tat org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)\n\tat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1061)\n\tat org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:961)\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)\n\tat org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:626)\n\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:733)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.lang.Thread.run(Thread.java:748)\n‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"name" => "VM_0_13_centos",
"architecture" => "x86_64",
"os" => {
"kernel" => "3.10.0-862.el7.x86_64",
"codename" => "Core",
"platform" => "centos",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"flags" => [
[0] "multiline"
],
"file" => {
"path" => "/home/files/wars/logs/error-collect.log"
},
"offset" => 1008
},
"@timestamp" => 2021-01-14T08:28:37.060Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "error-log-collect",
"evn" => "dev"
}
}
{
"message" => "[2021-01-14T16:28:35.808+08:00] [ERROR] [http-nio-8001-exec-6-23] [com.example.collectlog.IndexController] [VM_0_13_centos] [172.18.0.1] [collectlog] [IndexController.java,32,com.example.collectlog.IndexController,err] [除0异常] ## ‘ java.lang.ArithmeticException: / by zero\n\tat com.example.collectlog.IndexController.err(IndexController.java:30)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:498)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:197)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:141)\n\tat org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:894)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)\n\tat org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)\n\tat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1061)\n\tat org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:961)\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)\n\tat org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:626)\n\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:733)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.lang.Thread.run(Thread.java:748)\n‘",
"index_time" => "2021.01.14",
"host" => {
"containerized" => false,
"architecture" => "x86_64",
"os" => {
"codename" => "Core",
"platform" => "centos",
"kernel" => "3.10.0-862.el7.x86_64",
"name" => "CentOS Linux",
"version" => "7 (Core)",
"family" => "redhat"
},
"name" => "VM_0_13_centos",
"id" => "c28d40cbc8e3adcb4e32d9779a77b39e",
"hostname" => "VM_0_13_centos"
},
"@version" => "1",
"input" => {
"type" => "log"
},
"agent" => {
"id" => "34a8e9b2-cdfa-4c43-8871-36bc8ff96029",
"hostname" => "VM_0_13_centos",
"type" => "filebeat",
"ephemeral_id" => "e60171d3-f3af-4321-9654-045e1fbafee1",
"version" => "7.4.2"
},
"ecs" => {
"version" => "1.1.0"
},
"tags" => [
[0] "_grokparsefailure"
],
"log" => {
"flags" => [
[0] "multiline"
],
"file" => {
"path" => "/home/files/wars/logs/app-collect.log"
},
"offset" => 18968
},
"@timestamp" => 2021-01-14T08:28:37.107Z,
"fields" => {
"logbiz" => "collect",
"logtopic" => "app-log-collect",
"evn" => "dev"
}
}
说明logstash作为kafka日志的消费者,已经消费了消息。
/usr/local/logstash-7.4.2/bin/logstash -f /usr/local/logstash-7.4.2/script/logstash-script.conf &
原文:https://www.cnblogs.com/linlf03/p/14276861.html