ELK日志系统----kibana插件之logtrail(7.2.0)
logtrail
- 一、安装logtrail(基于docker)
- 1、方式一
- 2、方式二
- 二、配置logtrail.json
- 三、日志级别颜色匹配
- 四、logtrail优化
一、安装logtrail(基于docker)
1、方式一
下载地址:https://github.com/sivasamyk/logtrail/releases
wget https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-7.2.0-0.1.31.zip
docker cp logtrail-7.2.0-0.1.31.zip kibana:/
docker exec -it kibana bash
./bin/kibana-plugin install file:///logtrail-7.2.0-0.1.31.zip
2、方式二
编写Dockerfile如下
FROM docker.elastic.co/kibana/kibana:7.2.0
RUN wget https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-7.2.0-0.1.31.zip -O /logtrail-7.2.0-0.1.31.zip \
&& ./bin/kibana-plugin install file:///logtrail-7.2.0-0.1.31.zip \
&& rm -rf /tmp/logtrail-7.2.0-0.1.31.zip
创建新的镜像
docker build -t cuiyf/kibana:7.2.0 .
bash-4.2$ pwd
/usr/share/kibana/plugins/logtrail
bash-4.2$ ls -la
total 40
drwxr-xr-x 5 kibana kibana 4096 May 27 10:10 .
drwxr-xr-x 3 kibana kibana 4096 May 27 10:10 ..
-rw-r--r-- 1 kibana kibana 523 May 27 10:10 index.js
-rw-r--r-- 1 kibana kibana 1257 May 27 10:10 logtrail.json
drwxr-xr-x 30 kibana kibana 4096 May 27 10:10 node_modules
-rw-r--r-- 1 kibana kibana 750 May 27 10:10 package.json
drwxr-xr-x 5 kibana kibana 4096 May 27 10:10 public
drwxr-xr-x 3 kibana kibana 4096 May 27 10:10 server
二、配置logtrail.json
收集docker日志,显示容器名称更优雅一些。。。
配置hostname对应的是容器名称,填写docker.container.name字段,对于k8s填写kubernetes.container.name字段
注意:keyword_suffix配置,有的版本需要设置为空才能显示,All Systems包含的容器名
{
"version" : 2,
"index_patterns" : [
{
"es": {
"default_index": "docker-localhost*"
},
"tail_interval_in_seconds": 10,
"es_index_time_offset_in_seconds": 10,
"display_timezone": "local",
"display_timestamp_format": "YYYY年MM月DD日 HH:mm:ss.SSS",
"max_buckets": 500,
"default_time_range_in_days" : 0,
"max_hosts": 100,
"max_events_to_keep_in_viewer": 5000,
"default_search": "",
"fields" : {
"mapping" : {
"timestamp" : "@timestamp",
"hostname" : "container.name",
"program": "source",
"message": "message"
},
"message_format": "{{{message}}}",
"keyword_suffix" : "keyword"
},
"color_mapping" : {
"field": "loglevel",
"mapping": {
"ERROR": "#FF0000",
"WARN": "#FFEF96",
"DEBUG": "#B5E7A0",
"TRACE": "#CFE0E8",
"INFO": "#339999"
}
}
}
]
}
三、日志级别颜色匹配
提供一个日志级别的loglevel字段,logstash中配置grok匹配
filter {
grok {
match => {
"message" => "%{LOGLEVEL:loglevel}"
}
}
}
配置logtrail.json到keyword_suffix下面
"keyword_suffix" : ""
},
"color_mapping" : {
"field": "loglevel",
"mapping": {
"ERROR": "#FF0000",
"WARN": "#FFEF96",
"DEBUG": "#B5E7A0",
"TRACE": "#CFE0E8",
"INFO": "#339999"
}
}
效果如下:
四、logtrail优化
tail_interval_in_seconds:主页刷新时间,填写过大比较耗CPU(为了实时性,我选择了1)
default_time_range_in_days:默认为0,将搜索所有索引的日志,当日志越来越多将影响查询,配置显示一天即可,也可以用default_time_range_in_minutes设置分钟
max_events_to_keep_in_viewer:logtail页面展示的最多日志条数,可以适当调大些
其他有待发现 ^.^