格式化JSON中的java日志以在ELK堆栈中使用
我试图以JSON格式输出我的日志,这样我就不需要在我的ELK堆栈中使用过滤器了。它似乎确实起作用了 这是我的格式化JSON中的java日志以在ELK堆栈中使用,java,json,logback,slf4j,logstash-logback-encoder,Java,Json,Logback,Slf4j,Logstash Logback Encoder,我试图以JSON格式输出我的日志,这样我就不需要在我的ELK堆栈中使用过滤器了。它似乎确实起作用了 这是我的 import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.json.simple.JSONObject; public class MyApp { static Logger logger = LoggerFactory.getLogger(MyApp.class); @SuppressWa
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.json.simple.JSONObject;
public class MyApp {
static Logger logger = LoggerFactory.getLogger(MyApp.class);
@SuppressWarnings("unchecked")
public static void main(String[] args) {
// TODO Auto-generated method stub
JSONObject obj = new JSONObject();
JSONObject obj2 = new JSONObject();
obj.put("name","foo");
obj.put("num",new Integer(100));
obj.put("balance",new Double(1000.21));
obj.put("is_vip",new Boolean(true));
obj2.put("ob2name","bar");
obj2.put("ob2num",new Integer(200));
obj.put("names", obj2);
logger.info("{}", obj);
}
}
{"@timestamp":"2016-07-27T17:51:08.331+01:00","@version":1,"thread_name":"main","logger_name":"MyApp","level":"INFO","level_value":20000,"HOSTNAME":"gman","message":"{\"names\":{\"ob2num\":200,\"ob2name\":\"bar\"},\"balance\":1000.21,\"is_vip\":true,\"num\":100,\"name\":\"foo\"}"}
{
"@timestamp" => "2016-07-27T16:51:08.331Z",
"@version" => 1,
"thread_name" => "main",
"logger_name" => "MyApp",
"level" => "INFO",
"level_value" => 20000,
"HOSTNAME" => "gman",
"message" => "{\"names\":{\"ob2num\":200,\"ob2name\":\"bar\"},\"balance\":1000.21,\"is_vip\":true,\"num\":100,\"name\":\"foo\"}",
"host" => "gman",
"path" => "C:\\apps\\dots\\logs\\file.log"
}
消息似乎是以字符串形式输出的,我如何才能将其输出为JSON,以便Elasticsearch能够提取各个字段并对它们进行索引,以便它们可以进行搜索 在日志存储的conf文件中,添加json过滤器:
filter {
json {
source => message
}
}
或者,使用地图并进行如下思考:
Map<String, Object> map = new HashMap<>();
map.put("system", "fedora");
logger.info(Markers.appendEntries(map), "Hello world");
{
"message" : "Hello world",
"system" : "fedora"
}