DEV Community

Raphael Miranda
Raphael Miranda

Posted on

Sending formatted logs to ELK

If you're using ELK and java you're probably using elastic beat to listen to log files in your servers, parsing and sending to your log storage, elasticsearch. However since your app is generating the log, it can format it to the expected Kibana json document and reduce the complexity of your log processing pipeline.

The LoggingEventAsyncDisruptorAppender is able to collect logs to the a Ring Buffer and send them asynchronously to a Redis server where it will sit for a few seconds until the logstash workers can ship them to the elasticsearch server. In the example, an app using Spring Boot is tagging the logs with the correspondent environment, prod, dev, etc. You can include other fields exposed and detailed in the docs.

Logback logstash encoder:

<appender name="REDIS_APPENDER" class="net.logstash.logback.appender.LoggingEventAsyncDisruptorAppender">
            <appender class="de.idealo.logback.appender.RedisBatchAppender">
                <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
                                "timestamp": "%d{yyyy-MM-dd'T'HH:mm:ss.SSSZZ}",
                                "message": "%message",
                                "logger": "%logger",
                                "thread": "%thread",
                                "level": "%level",
                                "host": "${HOSTNAME}",
                                "env": "${}",
                                "app": "front"
                            <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter">

Top comments (0)