filebeat读取nginx日志 》 输出到logstash中 》 logstash创建索引输入到elasticsearch,最后由kibana展示出来
此配置文件以上述服务安装在同一台为例,如果logstash或者elasticsearch服务在其他机器,配置文件中ip要记得修改
nginx 配置文件修改日志格式为json格式
# 注释掉默认的日志格式 记得配置log文件后面格式加上json
log_format json '{"created_at":"$time_iso8601",'
'"remote_addr":"$remote_addr",'
'"method":"$request_method",'
'"request":"$request",'
'"status":"$status",'
'"size":$body_bytes_sent,'
'"referer": "$http_referer",'
'"http_host":"$http_host",'
'"response_time":$request_time,'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"user_agent": "$http_user_agent"'
'}';
filebeat 配置文件
# *.log 目录下所有log结尾的文件,也可以指定文件名称
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/logs/nginx/*.log
tags: ["nginx"]
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: true
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
output.logstash:
hosts: ["192.168.10.10:5044"]
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
logstash 配置文件
# Beats -> Logstash -> Elasticsearch pipeline.
# elasticsearch如果有密码,下面的要输入es的用户和密码
input {
beats {
port => 5044
codec => "json"
}
}
output {
if "nginx" in [tags] {
elasticsearch {
hosts => ["http://192.168.10.10:9200"]
index => "nginx-%{+YYYY.MM.dd}"
user => "elastic"
password => "password"
}
}
elasticsearch {
hosts => ["http://192.168.10.10:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "password"
}
}
kibana 配置文件
# elasticsearch如果有密码,下面的要输入es的用户和密码
server.port: 5601
server.host: "192.168.10.10"
server.name: "kib"
elasticsearch.hosts: ["http://192.168.10.10:9200"]
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "password"
elasticsearch.requestTimeout: 30000
logging.dest: /data/elk/kibana-7.9.3/logs/kibana.log
i18n.locale: "zh-CN"
kibana 日志展示统计图例
本文最后更新时间 2021-04-27
文章链接地址:https://me.jinchuang.org/archives/1123.html
本站文章除注明[转载|引用|原文]出处外,均为本站原生内容,转载前请注明出处
