我对如何将日志条目直接放入elasticsearch(而不是logstash)感到有些困惑。到目前为止,我发现了一些附加目的地(log4j.appender.SocketAppender,log4j.appender.server等等),允许将日志发送到远程主机,也ConversionPattern可能这似乎让我们日志转换为“弹性友好”的格式,但这种方法看起来古怪......还是我错误?这是将日志发送到的一种方法elastic吗?
elasticsearch
log4j.appender.SocketAppender
log4j.appender.server
ConversionPattern
elastic
到目前为止,我有这样的配置:
log4j.rootLogger=DEBUG, server log4j.appender.server=org.apache.log4j.net.SocketAppender log4j.appender.server.Port=9200 log4j.appender.server.RemoteHost=localhost log4j.appender.server.ReconnectionDelay=10000 log4j.appender.server.layout.ConversionPattern={"debug_level":"%p","debug_timestamp":"%d{ISO8601}","debug_thread":"%t","debug_file":"%F", "debug_line":"%L","debug_message":"%m"}%n
但是我得到一个错误:
log4j:WARN Detected problem with connection: java.net.SocketException: Broken pipe (Write failed)
我找不到任何有用的示例,所以我无法理解我该怎么做以及如何解决。谢谢。
我找到了最符合我要求的解决方案。这是一个灰色日志。由于它是根据elasticsearch用法构建的,所以我能够立即切换到它。
为了使用它,我添加了此依赖项以及基本的log4j2依赖项:
<dependency> <groupId>org.graylog2.log4j2</groupId> <artifactId>log4j2-gelf</artifactId> <version>1.3.2</version> </dependency>
并使用log4j2.json配置:
log4j2.json
{ "configuration": { "status": "info", "name": "LOGGER", "packages": "org.graylog2.log4j2", "appenders": { "GELF": { "name": "GELF", "server": "log.myapp.com", "port": "12201", "hostName": "my-awsome-app", "JSONLayout": { "compact": "false", "locationInfo": "true", "complete": "true", "eventEol": "true", "properties": "true", "propertiesAsList": "true" }, "ThresholdFilter": { "level": "info" } } }, "loggers": { "logger": [ { "name": "io.netty", "level": "info", "additivity": "false", "AppenderRef": { "ref": "GELF" } } ], "root": { "level": "info", "AppenderRef": [ { "ref": "GELF" } ] } } } }
