[8.5.5.16 or later]

Analyzing WebSphere Application Server logs with Elastic Stack

You can analyze WebSphere® Application Server logs by using Elasticsearch, Logstash, Kibana, and Filebeat. You can use Kibana to visualize the logs from multiple application server instances, and use filters and queries to do advanced problem determination.

About this task

To view your logs and trace in Kibana dashboards, set up your application server to use HPEL mode logging. The HPEL logViewer command enables the log and trace data to be rendered in a JSON format, which is easy for Filebeat and the ELK stack to use.

Procedure

Complete this procedure to run the logViewer command.

  1. Start the server.
  2. If you have not done so already, enable HPEL.

    Read about Changing from basic mode to HPEL logging and tracing for more information.

  3. Change to the /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin directory.
  4. Run the logViewer command.

    Run the command as follows:

    ./logViewer.sh  -outLog /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1/hpelOutput.log -resumable -resume -format json -monitor

What to do next

Now that you can run the logViewer command, set up your Elastic Stack.

Setting up Elastic Stack to use and visualize WebSphere logs

Complete the following steps to set up an Elasticsearch, Logstash, Kibana (ELK) stack, and Filebeat.

Procedure

  1. Download the sample Logstash configuration file, was_logstash.conf, from the sample.logstash.websphere-traditional repository.
  2. In the Logstash configuration file, customize the Beats port, port:port_number, and the Elasticsearch hosts (Elasticsearch_host_name:port_number) value.
  3. Download the sample Filebeat configuration file, was_filebeat.yml, from the repository. In the was_filebeat.yml file, change the path of the log to the location of the hpelOutput.log file.
  4. Start Elasticsearch, Logstash, Kibana, and Filebeat. See the Elastic website for instructions.
  5. Open Kibana in a browser and create an index.
    • For Kibana 7, 6, or 5.6, click Management > Index Patterns.
      • Enter logstash-* as the Index Pattern.
      • Click Advanced Options, and enter logstash-* as the Index Pattern ID.
      • Select ibm_datetime as the Time filter field name, and click Create.
    • For Kibana 5.0-5.5, click Management > Index Patterns and select ibm_datetime as the Time filter field name. Click Create.
    • Download a sample dashboard, was_kibana.json (or was-kibana.ndjson), from the sample.logstash.websphere-traditional repository.
    • Import the dashboard into Kibana.
      • For Kibana 7, 6, or 5.6, click Management > Saved Object > Import > > .
    • View the dashboard.
      • For Kibana 7, 6, or 5.6, click Dashboard > Open, and select the dashboard.

Results

You configured your application server to send events to Logstash and can now view your events in the provided dashboard that uses Kibana. Now, you can create your own queries, visualizations, or dashboards to analyze the log data.