elk stack最新版本测试二配置篇阅读本文前请浏览
详细配置如下：
http://blog.chinaunix.net/uid-25057421-id-5567766.html
一，客户端
1，nginx日志格式
log_format logstash_json '{ @timestamp: $time_iso8601, '
'host: $server_addr, '
'clientip: $remote_addr, '
'size: $body_bytes_sent, '
'responsetime: $request_time, '
'upstreamtime: $upstream_response_time, '
'upstreamhost: $upstream_addr, '
'http_host: $host, '
'url: $uri, '
'referrer: $http_referer, '
'xff: $http_x_forwarded_for, '
'agent: $http_user_agent, '
'status: $status} ';
access_log /data/wwwlogs/access_jerrymin.test.com.log logstash_json;
2，fielbeat配置文件
filebeat:
prospectors:
-
- /data/wwwlogs/access_jerrymin.test.com.log
doucmenttype:jerrymin.test.com
output:
logstash:
enabled: true
hosts: [192.168.0.58:5044]
shipper:
3，topbeat配置文件
input:
# in seconds, defines how often to read server statistics
period: 10
# regular expression to match the processes that are monitored
# by default, all the processes are monitored
procs: [.*]
# statistics to collect (all enabled by default)
stats:
system: true
proc: true
filesystem: true
output:
### elasticsearch as output
elasticsearch:
hosts: [192.168.0.58:9200]
shipper:
logging:
files:
rotateeverybytes: 10485760 # = 10mb
二，服务端配置
1，logstash配置文件
[root@localhost logstash]# cat /etc/logstash/conf.d/nginxconf.json
input {
beats {
port => 5044
codec => json
}
}
filter {
mutate {
split => [ upstreamtime, , ]
}
mutate {
convert => [ upstreamtime, float ]
}
}
output {
elasticsearch {
hosts => 192.168.0.58:9200
sniffing => true
manage_template => false
# index => %{[@metadata][beat]}-%{+yyyy.mm.dd}
index => filebeat-%{type}-%{+yyyy.mm.dd}
document_type => %{[@metadata][type]}
}
}
2，elasticsearch配置文件
[root@localhost logstash]# cat /etc/elasticsearch/elasticsearch.yml |grep -ev ^#|^$
path.data: /data
path.logs: /data/elklogs
network.host: 192.168.0.58
http.port: 9200
3，kibana配置文件
[root@localhost config]# cat /var/kibana/config/kibana.yml
# kibana is served by a back end server. this controls which port to use.
server.port: 5601
# the host to bind the server to.
server.host: 0.0.0.0
# the elasticsearch instance to use for all your queries.
elasticsearch.url: http://192.168.0.58:9200
三，tengine反向代理配置
cat /usr/local/nginx/conf/vhosts_all/kibana.conf
server
{
listen 8888;
server_name 192.168.0.58
index index.html index.shtml;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header upgrade $http_upgrade;
proxy_set_header connection 'upgrade';
proxy_set_header host $host;
proxy_cache_bypass $http_upgrade;
auth_basic please input username and password;
auth_basic_user_file /usr/local/nginx/conf/.pass_file;
}
access_log /data/wwwlogs/access.kibana.log access;
}
四，登陆平台
http://192.168.0.58:8888
1，创建索引
2，创建视图
3，创建面板
http://www.bkjia.com/phpjc/1081463.htmlwww.bkjia.comtruehttp://www.bkjia.com/phpjc/1081463.htmltecharticleelk stack最新版本测试二配置篇 阅读本文前请浏览 详细配置如下： http://blog.chinaunix.net/uid-25057421-id-5567766.html 一，客户端 1，nginx日志格式...