问题:
我们的运维配置 EFK 不会配置 filter 来提取日志中的字段
我发现可以直接使用 logback appender 将日志输出到 elasticsearch
测试环境这么搞搞就行了
解决:
- pom.xml 增加
12345<dependency><groupId>com.internetitem</groupId><artifactId>logback-elasticsearch-appender</artifactId><version>1.6</version></dependency>
- logback-spring.xml
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071<configuration debug="true"><springProperty scope="context" name="springAppName" source="spring.application.name"/><!--默认配置--><include resource="org/springframework/boot/logging/logback/defaults.xml"/><!--配置控制台(Console)--><include resource="org/springframework/boot/logging/logback/console-appender.xml"/><appender name="ELASTIC" class="com.internetitem.logback.elasticsearch.ElasticsearchAppender"><url>http://10.0.70.110:9200/_bulk</url><!-- <index>logs-%date{yyyy-MM-dd}</index>--><index>citysass</index><!-- <type>tester</type>--><!-- <loggerName>es-logger</loggerName> <!– optional –>--><!-- <errorLoggerName>es-error-logger</errorLoggerName> <!– optional –>--><connectTimeout>30000</connectTimeout> <!-- optional (in ms, default 30000) --><errorsToStderr>false</errorsToStderr> <!-- optional (default false) --><includeCallerData>false</includeCallerData> <!-- optional (default false) --><logsToStderr>false</logsToStderr> <!-- optional (default false) --><maxQueueSize>104857600</maxQueueSize> <!-- optional (default 104857600) --><maxRetries>3</maxRetries> <!-- optional (default 3) --><readTimeout>30000</readTimeout> <!-- optional (in ms, default 30000) --><sleepTime>250</sleepTime> <!-- optional (in ms, default 250) --><rawJsonMessage>false</rawJsonMessage> <!-- optional (default false) --><includeMdc>true</includeMdc> <!-- optional (default false) --><maxMessageSize>-1</maxMessageSize> <!-- optional (default -1 --><!-- <authentication class="com.internetitem.logback.elasticsearch.config.BasicAuthentication" /> <!– optional –>--><properties><property><name>appName</name><value>${springAppName}</value></property><property><name>host</name><value>HOST</value><allowEmpty>true</allowEmpty></property><property><name>severity</name><value>%level</value></property><property><name>thread</name><value>%thread</value></property><property><name>stacktrace</name><value>%ex</value></property><property><name>logger</name><value>%logger</value></property></properties><headers><header><name>Content-Type</name><value>application/json</value></header></headers></appender><logger name="com.telsafe" level="DEBUG"/><root level="INFO"><appender-ref ref="CONSOLE"/></root><springProfile name="eslog"><root level="INFO"><appender-ref ref="ELASTIC"/></root></springProfile></configuration>
- 运行时启用 profiles -Dspring.prifiles.active=default,eslog . eslog 会启用 logback中配置的 appender
参考:
https://github.com/internetitem/logback-elasticsearch-appender