ELK~fluentd和logback多行文本避免折断

3 years ago

source link: https://www.cnblogs.com/lori/p/14848442.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

fluentd的配置

<source>
    type tail
    path "/var/log/*.log"
    pos_file "/var/log/*.log.pos"
    tag "test"
    refresh_interval 120
    format multiline
    format_firstline /\d{4}-\d{1,2}-\d{1,2}/
    format1 /^(?<access_time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}) (?<application>[^ ]*) \[(?<app_thread>.*)\] (?<level>[^ ]*) (?<message>.*)/
    <parse>
      format_firstline /\d{4}-\d{1,2}-\d{1,2}/
      @type multiline
      format1 /^(?<access_time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}) (?<application>[^ ]*) \[(?<app_thread>.*)\] (?<level>[^ ]*) (?<message>.*)/
    </parse>
  </source>
  <match **>
    @id elasticsearch
    @type elasticsearch
    @log_level "debug"
    index_name "fluentd"
    host "elasticsearch.elk"
    port 9200
    include_tag_key true
    tag_key "@log_name"
    logstash_format true
    flush_interval 10s
    logstash_prefix "test"
    <buffer>
      flush_interval 10s
    </buffer>
  </match>

logback.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <springProperty scope="context" name="appName" source="spring.application.name" />
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
             <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} ${springAppName} [%thread] %-5level %logger{50} - %msg%n</pattern>
        </encoder>
    </appender>

    <root level="DEBUG">
        <appender-ref ref="STDOUT" />
        <appender-ref ref="FLUENT_TEXT" />
    </root>
</configuration>

Recommend