©2016-2024 Matools All rights reserved,
粤ICP备17059708号
Docker中一键安装ELK
对于这种工具类的东西,第一步就直接到docker的hub中查找了,很幸运,不仅有Elasticsearch,kibana,logstash
单独的镜像,而且还直接 有ELK的镜像。
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -d --name log-platform
--restart always sebp/elk
这当然能少好多配置,毫不犹豫就选择了elk的镜像,
运行起来!如果没有异常的话相信就很容易的跑起来了(最有可能出现的问题就是虚拟内存不足了,可以百度找解决方案这里就不在详细说了)
项目中添加log4net到Elasticseach的Appender
因为在.net core
之前就有搭建过日志中心,所以对于appender还记得有一个Log4net.Elasticsearch的dll,但是在查看资料之后发现很久没有更新
也不支持.net standard。在决定自己实现appender之前,抱着侥幸心理去查找了一翻,既然找到一个支持.net core的开源项目log4stash
<https://github.com/urielha/log4stash>
。很幸运,又可以不要造轮子了,哈哈。log4Stash使用很简单,但是配置的东西还挺多的而且作者也没有很好的文档介绍,先不管其他的用起来在说。
* 项目中添加log4stash Install-Package log4stash -Version 2.2.1
* 修改log4net.config
在log4net.config中添加appender <appender name="ElasticSearchAppender"
type="log4stash.ElasticSearchAppender, log4stash"> <Server>localhost</Server>
<Port>9200</Port> <IndexName>log_test_%{+yyyy-MM-dd}</IndexName>
<IndexType>LogEvent</IndexType> <Bulksize>2000</Bulksize>
<BulkIdleTimeout>10000</BulkIdleTimeout> <IndexAsync>True</IndexAsync>
</appender>
另外附上全部的配置信息
<appender name="ElasticSearchAppender" type="log4stash.ElasticSearchAppender,
log4stash"> <Server>localhost</Server> <Port>9200</Port> <!-- optional: in case
elasticsearch is located behind a reverse proxy the URL is like
http://Server:Port/Path, default = empty string --> <Path>/es5</Path>
<IndexName>log_test_%{+yyyy-MM-dd}</IndexName> <IndexType>LogEvent</IndexType>
<Bulksize>2000</Bulksize> <BulkIdleTimeout>10000</BulkIdleTimeout>
<IndexAsync>False</IndexAsync> <DocumentIdSource>IdSource</DocumentIdSource>
<!-- obsolete! use IndexOperationParams --> <!-- Serialize log object as json
(default is true). -- This in case you log the object this way:
`logger.Debug(obj);` and not: `logger.Debug("string");` -->
<SerializeObjects>True</SerializeObjects> <!-- optional: elasticsearch timeout
for the request, default = 10000 -->
<ElasticSearchTimeout>10000</ElasticSearchTimeout> <!--You can add parameters
to the request to control the parameters sent to ElasticSearch. for example, as
you can see here, you can add a routing specification to the appender. The Key
is the key to be added to the request, and the value is the parameter's name in
the log event properties.--> <IndexOperationParams> <Parameter>
<Key>_routing</Key> <Value>%{RoutingSource}</Value> </Parameter> <Parameter>
<Key>_id</Key> <Value>%{IdSource}</Value> </Parameter> <Parameter>
<Key>key</Key> <Value>value</Value> </Parameter> </IndexOperationParams> <!--
for more information read about log4net.Core.FixFlags -->
<FixedFields>Partial</FixedFields> <Template> <Name>templateName</Name>
<FileName>path2template.json</FileName> </Template> <!--Only one credential
type can used at once--> <!--Here we list all possible types-->
<AuthenticationMethod> <!--For basic authentication purposes--> <Basic>
<Username>Username</Username> <Password>Password</Password> </Basic> <!--For
AWS ElasticSearch service--> <Aws>
<Aws4SignerSecretKey>Secret</Aws4SignerSecretKey>
<Aws4SignerAccessKey>AccessKey</Aws4SignerAccessKey>
<Aws4SignerRegion>Region</Aws4SignerRegion> </Aws> </AuthenticationMethod> <!--
all filters goes in ElasticFilters tag --> <ElasticFilters> <Add>
<Key>@type</Key> <Value>Special</Value> </Add> <!-- using the @type value from
the previous filter --> <Add> <Key>SmartValue</Key> <Value>the type is
%{@type}</Value> </Add> <Remove> <Key>@type</Key> </Remove> <!-- you can load
custom filters like I do here --> <Filter
type="log4stash.Filters.RenameKeyFilter, log4stash"> <Key>SmartValue</Key>
<RenameTo>SmartValue2</RenameTo> </Filter> <!-- converts a json object to
fields in the document --> <Json> <SourceKey>JsonRaw</SourceKey>
<FlattenJson>false</FlattenJson> <!-- the separator property is only relevant
when setting the FlattenJson property to 'true' --> <Separator>_</Separator>
</Json> <!-- converts an xml object to fields in the document --> <Xml>
<SourceKey>XmlRaw</SourceKey> <FlattenXml>false</FlattenXml> </Xml> <!-- kv and
grok filters similar to logstash's filters --> <Kv>
<SourceKey>Message</SourceKey> <ValueSplit>:=</ValueSplit> <FieldSplit>
,</FieldSplit> </kv> <Grok> <SourceKey>Message</SourceKey> <Pattern>the message
is %{WORD:Message} and guid %{UUID:the_guid}</Pattern>
<Overwrite>true</Overwrite> </Grok> <!-- Convert string like: "1,2, 45 9" into
array of numbers [1,2,45,9] --> <ConvertToArray> <SourceKey>someIds</SourceKey>
<!-- The separators (space and comma) --> <Seperators>, </Seperators>
</ConvertToArray> <Convert> <!-- convert given key to string -->
<ToString>shouldBeString</ToString> <!-- same as ConvertToArray. Just for
convenience --> <ToArray> <SourceKey>anotherIds</SourceKey> </ToArray>
</Convert> </ElasticFilters> </appender>
最后别忘了在root中添加上appender
<root> <level value="WARN" /> <appender-ref ref="ElasticSearchAppender" />
</root>
OK,项目的配置就到这里结束了,可以运行项目写入一些测试的日志了。
在kibana建立Index Pattern
Elasticsearch的Index跟关系数据库中的Database挺类似的,虽然我们项目在写了测试数据后,Elasticsearch中就已经有Index了,但是如果我们需要在可视化工具中查询数据的话建立Index
Pattern
进入Management - Create Index
Pattern,输入我们项目日志配置文件中的Index名称log_test-*(如果有数据,这边应该是会自动带出来的),然后创建,之后就可以在Kibana中浏览,查询我们的日志信息了。
热门工具 换一换