Author: 朝朝宝宝 | Source: Internet | 2023-08-26 18:12
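The environment was set up by following the process this author describes at http://nkcoder.github.io/blog/20141031/elkr-log-platform-deploy/.
A diagram borrowed from that post:
Versions deployed:
Elasticsearch: 1.5.2
Logstash: 1.4.2
Kibana: 4.0.2
The shipper node configuration is as follows: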
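input {
  # Tail every nginx access log on this host
  file {
    path => "/var/log/nginx/*_access.log"
  }
}
filter {
  if [path] =~ "access" {
    mutate { replace => { "type" => "nginx_access" } }
    # Split the nginx access line into named fields
    grok {
      match => { "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:method} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:timeconsumer}" }
    }
  }
  # Use the request time from the log line as the event timestamp
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  # Push events onto a Redis list for the indexer to consume.
  # The Redis password is stored here in clear text, so restrict read access to this file.
  redis {
    data_type => "list"
    host => "xxx"
    password => "xxx"
    key => "xxx"
  }
}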
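The following is an added example, not part of the original post or of the referenced author's setup: a Python approximation of the shipper's grok and date filters, run over constructed log lines to show which fields each line yields and what happens when a line does not match. The names `parse_access_line`, `ACCESS_RE` and `SAMPLES` are hypothetical, and the regular expressions are rough stand-ins for the grok patterns, not Logstash's own definitions.

```python
import re
from datetime import datetime, timezone

# Rough Python stand-ins for the grok patterns in the shipper filter
# (IPORHOST -> \S+, QS -> a double-quoted string); not Logstash's own regexes.
QS = r'"(?:[^"\\]|\\.)*"'
ACCESS_RE = re.compile(
    r'(?P<clientip>\S+) '
    r'\[(?P<timestamp>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?:(?P<method>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>\d+(?:\.\d+)?))?'
    r'|(?P<rawrequest>.*?))" '
    r'(?P<response>\d+) (?:(?P<bytes>\d+)|-) '
    rf'(?P<referrer>{QS}) (?P<timeconsumer>{QS})'
)

def parse_access_line(line):
    """Return roughly the event the shipper's filter stage would produce."""
    event = {"message": line, "type": "nginx_access"}
    m = ACCESS_RE.search(line)  # grok patterns are unanchored unless written with ^
    if m is None:
        # Logstash tags events that grok could not match.
        event["tags"] = ["_grokparsefailure"]
        return event
    # Alternatives that did not match (e.g. bytes logged as "-") yield no field.
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    # date filter: "dd/MMM/yyyy:HH:mm:ss Z" -> @timestamp, stored in UTC.
    ts = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = ts.astimezone(timezone.utc).isoformat()
    return event

# Constructed sample lines in the layout the grok pattern expects.
SAMPLES = [
    '203.0.113.7 [26/Aug/2015:18:12:03 +0800] "GET /index.html?x=1 HTTP/1.1" 200 612 "http://example.com/" "0.004"',
    '203.0.113.9 [26/Aug/2015:18:12:05 +0800] "-" 400 - "-" "0.000"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_access_line(sample))
```

Events carrying the `_grokparsefailure` tag reach Elasticsearch without the parsed fields, so counting that tag is a quick way to notice log lines the pattern does not cover.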
The indexer configuration is as follows:
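input {
  # Pop the events the shippers pushed onto the Redis list
  redis {
    data_type => "list"
    host => "localhost"
    password => "xxx"
    key => "xxx"
  }
}
output {
  # Index the events into the local Elasticsearch node
  elasticsearch {
    host => "localhost"
    codec => "json"
  }
}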
Log Analysis (1): Environment Preparation