Question
I am running Jira and Confluence within my company. I would like the logfiles to be shipped to Kibana.
This is very easy to do but I do not want to rewrite the Grok filters. I cannot imagine that nobody has done this already.
Does anybody have an example of a Logstash shipper configuration? Most of the logging, like catalina.log, is standard.
Please help me with examples.
Answer 1:
One would think that Java application logs only come in one form, but my experience is that there often are subtle differences. Sometimes the thread name is in square brackets and sometimes in parentheses, sometimes the thread name goes first and other times after the logger name, and so on. This gets more painful as you attempt to parse more than one type of log.
Instead of messing with various filters to join multiline messages and grok all the fields, I strongly favor using the Log4j layout in github.com/logstash/log4j-jsonevent-layout to produce JSON-based logs that Logstash can read directly without any filters. Apart from not having to maintain filters, you get all fields from each log event. Since I don't know what your catalina.log looks like, I can't say what you'd be missing by parsing its contents instead of using the JSON layout.
The drawback is that it's a bit more work deployment-wise. You obviously have to deploy the layout jar file itself, but it has a couple of dependencies of its own (net.minidev:jsonsmart and commons-lang:commons-lang) that you need to make available too.
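An added example (not part of the answer above) of the setup it describes: a Log4j 1.x appender using the JSON layout, with the matching Logstash input shown in comments. The appender name `JsonLog`, the `/path/to/...` locations, the `console` appender and the `type` value are placeholders, and it assumes the application is configured through a `log4j.properties` file.

```properties
# Added example; appender name and paths are placeholders.
# Requires the log4j-jsonevent-layout jar and its dependencies on the
# application's classpath.

# In the existing log4j.rootLogger line, add JsonLog to the appender list
# so the current plain-text logs keep working. Hypothetical line:
#   log4j.rootLogger=INFO, console, JsonLog

log4j.appender.JsonLog=org.apache.log4j.DailyRollingFileAppender
log4j.appender.JsonLog.File=/path/to/logs/app-json.log
log4j.appender.JsonLog.DatePattern=.yyyy-MM-dd
log4j.appender.JsonLog.Threshold=INFO
log4j.appender.JsonLog.layout=net.logstash.log4j.JSONEventLayoutV1

# Each event is written as one JSON object per line, stack traces included,
# so the shipper needs no multiline or grok filter. All event fields are
# emitted (MDC values too), so check what the application puts there before
# shipping the file off the host.
#
# Matching Logstash input (Logstash pipeline syntax, shown as comments):
#
#   input {
#     file {
#       path  => "/path/to/logs/app-json.log"
#       codec => "json"
#       type  => "log4j-json"
#     }
#   }
```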
Source: https://stackoverflow.com/questions/29487414/logstash-shipper-configuration-for-jira