Collecting Java logs with ELK

    Technology  2022-07-10

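    Reposted from: Collecting Java logs with ELK https://www.jianshu.com/p/957e8ead3f8d

    Because the logs that Elasticsearch itself produces are Java logs, we can use the ELK platform to collect the Elasticsearch logs directly.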

    1. Modify the Filebeat configuration file

    [root@db01 ~]# vim /etc/filebeat/filebeat.yml
    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /var/log/elasticsearch/elasticsearch.log
      tags: ["es"]
      ## enable multiline matching
      multiline.pattern: '^\['
      multiline.negate: true
      multiline.match: after

    setup.kibana:
      host: "172.16.210.53:5601"

    output.elasticsearch:
      hosts: ["172.16.210.53:9200"]
      indices:
        - index: "es-java-%{[beat.version]}-%{+yyyy.MM}"
          when.contains:
            tags: "es"

    2. Restart Filebeat

    [root@db01 ~]# systemctl restart filebeat

    3. Open the Kibana UI and add the data to display

    Click Discover to view the data
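
The multiline settings in step 1 (`multiline.pattern: '^\['`, `negate: true`, `match: after`) are what keep a Java stack trace attached to the log line that produced it. The following is an added example, not part of the original post or of Filebeat's code: a small Python model of that grouping rule run over a constructed log sample. Assumptions: Python's `re` stands in for Filebeat's regex engine, the function name `group_multiline` is hypothetical, and `max_lines` mirrors Filebeat's `multiline.max_lines` option (default 500).

```python
import re

# Constructed sample in the style of elasticsearch.log (not from a real host).
SAMPLE_LOG = """\
[2022-07-10T10:00:01,123][INFO ][o.e.n.Node               ] [node-1] started
[2022-07-10T10:00:05,456][WARN ][o.e.b.BootstrapChecks    ] [node-1] check failed
java.lang.IllegalStateException: constructed failure
\tat org.example.Demo.run(Demo.java:42)
\tat org.example.Demo.main(Demo.java:10)
Caused by: java.io.IOException: constructed cause
\t... 2 more
[2022-07-10T10:00:09,789][INFO ][o.e.c.m.MetaData         ] [node-1] index created
"""


def group_multiline(lines, pattern=r"^\[", negate=True, max_lines=500):
    """Group physical lines into events the way `multiline.match: after` does.

    A line is a continuation when (pattern matches) != negate. Continuation
    lines are appended to the current event; any other line starts a new one.
    """
    regex = re.compile(pattern)
    events, current = [], []
    for line in lines:
        continuation = bool(regex.search(line)) != negate
        if continuation and current:
            if len(current) < max_lines:  # lines past the cap are discarded
                current.append(line)
            continue
        if current:
            events.append("\n".join(current))
        current = [line]
    if current:
        events.append("\n".join(current))
    return events


def demo():
    """Return (number of physical lines, events after multiline grouping)."""
    lines = SAMPLE_LOG.splitlines()
    return len(lines), group_multiline(lines)


if __name__ == "__main__":
    total, events = demo()
    print(f"{total} lines -> {len(events)} events")
    for event in events:
        print("---\n" + event)
```

Without the multiline settings each of the eight lines would be indexed as its own document, so the `Caused by:` line could not be searched together with the WARN entry that triggered it.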
