jvm 程式,像是hadoop solr 可以把log 送到ELK 集中控管
ex: 修改hadoop log4j.properties
log4j.appender.server=org.apache.log4j.net.SocketAppender
log4j.appender.server.Port=4560
log4j.appender.server.RemoteHost=172.1.1.1
log4j.appender.server.LocationInfo=true
log4j.appender.server.Application=hadoop
logstash 設定ex: 修改hadoop log4j.properties
log4j.appender.server=org.apache.log4j.net.SocketAppender
log4j.appender.server.Port=4560
log4j.appender.server.RemoteHost=172.1.1.1
log4j.appender.server.LocationInfo=true
log4j.appender.server.Application=hadoop
input {
log4j {
host => "172.1.1.1"
port => 4560
}
}
filter {
grok {
match => { "host" => "%{IPORHOST:host}:%{POSINT}" } // 修改1.2.3.4:8888 => 1.2.3.4
overwrite => [ "host" ]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
}
沒有留言:
張貼留言