艾辉 posted on 2018-11-9 11:55:10

Collecting nginx logs with ELK

  I. Client-side logstash.conf configuration file

input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    type => "nginxlog"
    start_position => "beginning"
    # sincedb_path => "/home/logstash/sincdb.nginxlog"
  }
}

filter {
  # Only parse events read from the nginx access log
  if [type] == "nginxlog" {
    grok {
      match => ["message", "%{COMMONAPACHELOG}"]
    }
    # Use the request time from the log line as @timestamp
    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
  }
}

output {
  stdout { codec => rubydebug }
  elasticsearch { hosts => "elk.test.com:9200" }
}
  

  ######## Below is the log content as displayed in Kibana
  "request" => "/",
  "auth" => "-",
  "ident" => "-",
  "verb" => "GET",
  "message" => "192.168.216.1 - - [22/Nov/2017:16:28:41 +0800] \"GET / HTTP/1.1\" 499 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0\"",
  "type" => "nginxlog",
  "path" => "/usr/local/nginx/logs/access.log",
  "@timestamp" => 2017-11-22T08:28:41.000Z,
  "response" => "499",
  "bytes" => "0",
  "clientip" => "192.168.216.1",
  "@version" => "1",
  "host" => "nginx.test.com",
  "httpversion" => "1.1",
  "timestamp" => "22/Nov/2017:16:28:41 +0800"
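
An added example, not part of the original post: a Python equivalent of the grok and date filters above, showing how the log line becomes the fields in the event and why `@timestamp` is the UTC form of the `+0800` request time. The regex is a simplified stand-in for `COMMONAPACHELOG`, the names `parse_line` and `summarize` are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Simplified stand-in for grok's COMMONAPACHELOG (assumption: same field
# names as the event above, not the exact grok regex).
CLF = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?:(?P<verb>[A-Za-z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>[^"]*))" (?P<response>\d{3}) (?P<bytes>\d+|-)'
)

def parse_line(line):
    """Return an event dict like Logstash's; tag lines that do not match."""
    m = CLF.match(line)
    if m is None:
        return {"message": line, "tags": ["_grokparsefailure"]}
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    event["message"] = line
    # date filter: parse the local-time stamp, store @timestamp in UTC.
    local = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = local.astimezone(timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%S.000Z")
    return event

def summarize(lines):
    """Counts behind the per-IP and per-status charts, plus parse failures."""
    by_ip, by_status, failures = Counter(), Counter(), 0
    for event in map(parse_line, lines):
        if "_grokparsefailure" in event.get("tags", []):
            failures += 1
            continue
        by_ip[event["clientip"]] += 1
        by_status[event["response"]] += 1
    return by_ip, by_status, failures

# Constructed sample lines (the first mirrors the event shown above).
SAMPLE = [
    '192.168.216.1 - - [22/Nov/2017:16:28:41 +0800] "GET / HTTP/1.1" 499 0 "-" "Mozilla/5.0"',
    '192.168.216.1 - - [22/Nov/2017:16:28:45 +0800] "GET /admin HTTP/1.1" 404 169 "-" "Mozilla/5.0"',
    '192.168.216.7 - - [22/Nov/2017:16:29:03 +0800] "\\x16\\x03\\x01" 400 173 "-" "-"',
    '2017/11/22 16:29:10 [error] 1234#0: constructed error-log line in the wrong file',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines that carry no parsable request (the third sample) keep their bytes in `rawrequest`, and lines that do not match at all are tagged `_grokparsefailure` and left out of the per-IP and per-status counts.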
  II. Adding visualizations
  1. View the number of visits per IP
http://i2.51cto.com/images/blog/201803/09/4414042b31f2b032b70969a83033be21.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
  2. Add the number of times each status code is returned by the site
http://i2.51cto.com/images/blog/201803/09/378c32746748d8c6a996b7b5f1ce7a4d.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
  3. Add the number of visits per site path; the Data table type is selected for this one
http://i2.51cto.com/images/blog/201803/09/05470403ed2939b38c59154ada6d09a7.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
  4. Add the distribution of the site's request/response transfer volume across time periods; the Area chart type is selected
http://i2.51cto.com/images/blog/201803/09/e228d09f339d532c12f957477692fd63.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
  5. Count the number of entries per log path (the paths of all logs on the system)
http://i2.51cto.com/images/blog/201803/09/58f98cfd0ff1a44c704cf320dab76c3f.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
http://i2.51cto.com/images/blog/201803/09/deead003553e57177a7c8f0f8f5f3af4.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
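  III. Save the dashboard, so that the five charts above can be displayed together on one page
  1. After the first step (adding the charts) is complete, it jumps to the second step; just save.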
http://i2.51cto.com/images/blog/201803/09/a2e6bb97023843258c6e504c793f23ae.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
http://i2.51cto.com/images/blog/201803/09/a7de1ae7bfbd2d274ba7c5a2709bf5d5.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=

