一、安装tomcat

将tomcat8的安装包放入到tomcat目录下

因为本机环境是有java环境的，所以不需要安装jdk。

启动tomcat

[root@k8s-node2 bin]# sh /tomcat/apache-tomcat-8.0.38/bin/startup.sh

 二、修改tomcat配置文件

[root@k8s-node2 conf]# vim /tomcat/apache-tomcat-8.0.38/conf/server.xml

找到137行，

pattern="{"clientip":"%h","ClientUser":"%l","authenticated":"%u","AccessTime":"%t","method":"%r","status":"%s","SendBytes":"%b","Query?string":"%q","partner":"%{Referer}i","AgentVersion":"%{User-Agent}i"}"/>

进行替换

 然后重启tomcat，查看访问日志已变成json格式的。

三、配置filebeat

[root@k8s-node2 log]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]

- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]

- type: log
  enabled: true
  paths:
    - /tomcat/apache-tomcat-8.0.38/logs/localhost_access_log.*.txt
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"]

output.elasticsearch:
  hosts: ["10.0.0.11:9200"]
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
       tags: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
       tags: "error"
    - index: "tomcat_access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
       tags: "tomcat"

setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true

setup.template.name: "tomcat"
setup.template.pattern: "tomcat_*"
setup.template.enabled: false
setup.template.overwrite: true
 

重启filebeat，创建kibana索引