windows下ELK8.0搭建
阿新 • • 發佈:2022-04-07
第一步:官網下載相關檔案
https://www.elastic.co/cn/elastic-stack/
第二步:啟動起來,如果要在ELK上顯現日誌,LogStash需要在bin目錄下新建一個conf檔案做配置
input { udp{ host=>"你的IP" port=>9601 } file { path => "C:/Users/Administrator/source/repos/Test/APITest/bin/Debug/netcoreapp3.1/Logs/\*.log" } } output { elasticsearch { hosts=> ["http://localhost:9200/"] index => "logstash-%{+YYYY.MM.dd}" } }
然後將使用一下命令啟動logstash
logstash.bat -f logstash_default.conf
如果報錯,可以使用絕對路徑
啟動之後
ES:http://localhost:9200 Kibana:http://localhost:5601
第三步:VS新建一個專案,我用的是Nlog
Nlog配置如下:
<?xml version="1.0" encoding="utf-8" ?> <nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.nlog-project.org/schemas/NLog.xsd NLog.xsd" autoReload="true" throwExceptions="false" internalLogLevel="Off" internalLogFile="c:\temp\nlog-internal.log"> <!-- optional, add some variables https://github.com/nlog/NLog/wiki/Configuration-file#variables --> <variable name="myvar" value="myvalue"/> <!-- See https://github.com/nlog/nlog/wiki/Configuration-file for information on customizing logging rules and outputs. --> <targets> <!-- add your targets here See https://github.com/nlog/NLog/wiki/Targets for possible targets. See https://github.com/nlog/NLog/wiki/Layout-Renderers for the possible layout renderers. --> <!-- Write events to a file with the date in the filename. <target xsi:type="File" name="f" fileName="${basedir}/logs/${shortdate}.log" layout="${longdate} ${uppercase:${level}} ${message}" /> --> <!--Error儲存至檔案--> <target name="error_file" xsi:type="File" maxArchiveFiles="30" encoding="utf-8" fileName="${basedir}/Logs/${date:yyyyMMdd}_Error.log" archiveFileName="${basedir}/Logs/${date:yyyyMMdd}_Error.{#}.log" archiveDateFormat="yyyyMMdd" archiveAboveSize="104857600" archiveNumbering="Sequence" layout="${date:yyyy-MM-dd HH\:mm\:ss} ${message} ${onexception:${exception:format=tostring} ${newline} ${stacktrace}" /> <!--Trace儲存至檔案--> <target name="trace_file" xsi:type="File" maxArchiveFiles="30" encoding="utf-8" fileName="${basedir}/Logs/${date:yyyyMMdd}_Trace.log" archiveFileName="${basedir}/Logs/${date:yyyyMMdd}_Trace.{#}.log" archiveDateFormat="yyyyMMdd" archiveAboveSize="104857600" archiveNumbering="Sequence" layout="${date:yyyy-MM-dd HH\:mm\:ss} ${uppercase:${level}}: ${message}" /> <!--<target xsi:type="Network" name="ownLog-tcp" keepConnection="false" address ="tcp://你的IP:9601/" layout="${longdate} ${logger} ${uppercase:${level}} ${newline}【請求url】:${aspnet-request-url} ${newline}【輸出資訊】:${message},【堆疊資訊】:${exception: Type, ToString, Method, StackTrace} ${newline}"></target>--> <target name="network" xsi:type="Network" address="udp://你的IP:9601" layout="${message}"/> </targets> <rules> <!-- add your logging rules here --> <logger name="*" minlevel="Trace" writeTo="trace_file" /> <!--<logger name="*" minlevel="Debug" writeTo="debugger" />--> <logger name="*" minlevel="Error" writeTo="error_file" /> <!--<logger name="*" minlevel="Info" writeTo="ownLog-tcp" />--> <logger name="*" minlevel="Trace" writeTo="network" /> <!-- Write all events with minimal level of Debug (So Debug, Info, Warn, Error and Fatal, but not Trace) to "f" <logger name="*" minlevel="Debug" writeTo="f" /> --> </rules> </nlog>
之後你可以自己寫點日誌。
第四步:進入kibana檢視
8.0之後 Kibana的 Index patterns 被移動到了 data views裡面
那我們就在data views去看看
這樣就建立好了
然後就可以檢視日誌了,可以看看效果
如果需要更加準確的中文分詞,可以下載相關外掛IK分詞之類的,然後將外掛拷貝到ES的plugin下面,重啟ES即可
我也只是簡單的搭建然後實踐了一下,更高階的用法還沒用過,後續有機會研究一下。