Skip to content

Latest commit

 

History

History
188 lines (160 loc) · 6.15 KB

README.md

File metadata and controls

188 lines (160 loc) · 6.15 KB

Playing with Java + ELK Stack

Build Status

This repo aims to practice with ELK Stack thanks to a simple SpringBoot application. Following this repo, you are going to:

  • Monitor a SpringBoot application log and API beats with the ELK Stack.​
  • Practice with Kibana Dashboards and indexing tools. ​
  • Follow each ELK setup and understand connections and events setup.​

Click here to get more info on ELK Monitoring.

Running the services...

docker-compose up -d --build

Kibana initial setup and basic use.

  1. Go to http://localhost:5601/

  1. Configure all matching index pattern: *

  1. Set Time Filter field name: @timestamp

  1. Save and click Discover to visualize the current logs saved in ElasticSearch database.

  1. Add some useful fields like tags to order the results.

  1. Now enjoy logging with the ELK Stack.

Docker-Compose services

Interactive

Background (No WebUI access)

  • elastic search
  • logstah
  • filebeat
  • heartbeat

Java SpringBoot Loggin

Logback configuration to send spring log file to elasticsearch through logstash.
/pom.xml

    ...
	<properties>
		<java.version>1.8</java.version>
	</properties>
    ...
	<dependencies>
        ...
		<dependency>
            <groupId>net.logstash.logback</groupId>
            <artifactId>logstash-logback-encoder</artifactId>
            <version>5.2</version>
            <scope>runtime</scope>
        </dependency>
	</dependencies>
...

/src/main/resources/application.yml)

server:
  port: 8080
  contextPath: /sbrest

logging:
  file: logs/application.log

Filebeat Setup

Logs from Java will be send to logstash the to elasticsearch indexing.
/elk-filebeat/filebeat.yml)

filebeat.inputs:
   - type: log
    paths:
      - /logs/application.log  
    tags: ["filebeat", "log_file"]    
    ...
output.elasticsearch:
  hosts: ["elasticsearch:9200"]
...
# X-pack optional module
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["host.docker.internal:9200"]

Heartbeat Setup

Setting up services and endpoints to monitor HTTP status.
/elk-heartbeat/heartbeat.yml)

heartbeat.monitors:
# ELK monitors
...
- type: http
  schedule: '*/3 * * * * *'
  urls: ["http://elasticsearch:9200"]   
  name: "monitor_elasticsearch"
  tags: ["elk", "elasticsearch_index", "status"]
...
# APP monitors
- type: http
  schedule: '*/1 * * * * *'
  urls: ["http://sbrest:8080/health"]
  check.response.status: 200
  name: "monitor_app_health"
  tags: ["app_info", "health", "status"]
...
# STACK setup
heartbeat.scheduler:
  limit: 1
output.elasticsearch:
  hosts: ["elasticsearch:9200"]
setup.kibana:
  host: "kibana:5601"

Logstash Setup

The input will come filebeat, then the events will filtered and send to elasticsearch.
/elk-logstash/logstash.conf)

input {

    file {
        path => "/logs/application.log"
        tags => ['sbrest', 'application.log']
        type => "logback"
    }
}

output {
    elasticsearch {
        hosts => ["elasticsearch:9200"]
        manage_template => false
        index => "logback-%{+YYYY.MM.dd}"
        document_type => "application.log"
   }
}

Run locally ONLY the SpringBoot Rest App

Go to the folder /java-sbrest then run the following Docker commands.

docker build -t sbrest_only .
docker run --name sbrest_only --rm -v $PWD/logs:/logs -p 8082:8080 sbrest_only

Updating the source code

If you are going to make changes into the source code and test those into the ELK enviroment. Remember to build the sbrest-0.1.jar.jar file, then copy it from /target into the /java-sbrest folder, or the changes wont be updated into the compose deployment.

    mvn dependency:tree
    mvn -Dtest=SpringBootRestTestClient test
    mvn package
    mvn spring-boot:run

    cp target/sbrest-0.1.jar java-sbrest/sbrest-0.1.jar
     
    # If the compose environment is running.
    docker-compose up --detach --build sbrest

Testing logs outputs

To try endpoints outputs in the logstash and filebeat monitoring apps, run any of this curl requests.

curl http://localhost:8081/api/user/  
curl http://localhost:8081/api/user/2  
curl http://localhost:8081/api/user/a  
curl http://localhost:8081/api/user/99  
curl http://localhost:8081/api/info 
curl http://localhost:8081/api/debug 

# This example will output a full java exception
curl http://localhost:8081/api/exception