5分钟部署filebeat + ELK 5.1.1
elasticsearch-5.1.1/conf/elasticsearch.yml
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
启动(可以放到supervisor下监管):
elasticsearch-5.1./bin/elasticsearch
sudo vim /etc/sysctl.conf
添加 vm.max_map_count=262144
sudo sysctl -p
sudo vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
input {
beats {
port => 5044
}
}
filter {
if [fields][logIndex] == "nginx" {
grok {
patterns_dir => "/home/elk/apps/logstash-5.1.1/patterns"
match => {
"message" => "%{NGINXACCESS}"
}
}
urldecode {
charset => "UTF-8"
field => "url"
}
if [upstreamtime] == "" or [upstreamtime] == "null" {
mutate {
update => { "upstreamtime" => "0" }
}
}
date {
match => ["logtime", "dd/MMM/yyyy:HH:mm:ss Z"]
target => "@timestamp"
}
mutate {
convert => {
"responsetime" => "float"
"upstreamtime" => "float"
"size" => "integer"
}
remove_field => ["port","logtime","message"]
}
}
}
output {
elasticsearch {
hosts => "{your-es-ip}:9200"
manage_template => false
index => "%{[fields][logIndex]}-%{+YYYY.MM.dd}"
document_type => "%{[fields][docType]}"
}
}
这里使用grok解析nginx日志
nginx日志格式:
log_format app_log_format '[$time_local] $server_addr $remote_addr $body_bytes_sent $request_time $upstream_response_time '
'$upstream_addr $upstream_status "$request_uri" "$http_x_forwarded_for" "$http_referer" "$http_user_agent" $status';
配置grok的自定义pattern(可以使用grok debugger工具进行验证 http://grokdebug.herokuapp.com/):
vim logstash-5.1./patterns/nginx
NGINXACCESS \[%{HTTPDATE:logtime}\] %{IPORHOST:host} %{IPORHOST:remoteaddr} (?:%{NUMBER:size}|-) %{NUMBER:responsetime} (?:%{NUMBER:upstreamtime}|-) %{URIHOST:upstreamhost} %{BASE10NUM:upstreamstatus} %{QS:url} %{QS:clientip} %{QS:referrer} %{QS:agent} %{INT:status}
启动(可以放到supervisor下监管):
logstash-5.1./bin/logstash -f logstash-5.1./conf.d/pro-log.conf
3. 安装filebeat,filebeat可以直接使用yum安装。
配置yum源:
vim /etc/yum.repos.d/elastic5.repo
[elasticsearch-.x]
name=Elasticsearch repository for .x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
安装
sodu yum install filebeat
配置(默认开始output到es,需要注释掉)
sudo vim /etc/filebeat/filebeat.yml filebeat.prospectors: # Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations. - input_type: log # Paths that should be crawled and fetched. Glob based paths.
paths:
- /opt/nginx/logs/app.access.log
fields:
logIndex: nginx
docType: nginx-access
project: app-nginx
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["{your-logstash-ip}:5044"]
启动
sudo systemctl start filebeat
server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: "http://{your-es-ip}:9200"
启动(可以放到supervisor下监管)
kibana-5.1.-linux-x86_64/bin/kibana
5. (选择性安装)安装x-pack,x-pack包含了security(需要用户名密码访问kibana)、watcher(监控报警)等插件
elasticsearch.5.1./bin/elasticsearch-plugin install file:///home/elk/apps/x-pack-5.1.1.zip
kibana-5.1./bin/kibana-plugin install file:///home/elk/apps/x-pack-5.1.1.zip
xpack.security.enabled: false
最后贴两张kibana统计查询nginx日志得出的api调用次数,及平均响应时间图表。
5分钟部署filebeat + ELK 5.1.1的更多相关文章
- helm部署Filebeat + ELK
helm部署Filebeat + ELK 系统架构图: 1) 多个Filebeat在各个Node进行日志采集,然后上传至Logstash 2) 多个Logstash节点并行(负载均衡,不作为集群),对 ...
- Filebeat+ELK部署文档
在日常运维工作中,对于系统和业务日志的处理尤为重要.今天,在这里分享一下自己部署的Filebeat+ELK开源实时日志分析平台的记录过程,有不对的地方还望指出. 简单介绍: 日志主要包括系统日志.应用 ...
- filebeat + ELK 部署篇
ELK Stack Elasticsearch:分布式搜索和分析引擎,具有高可伸缩.高可靠和易管理等特点.基于 Apache Lucene 构建,能对大容量的数据进行接近实时的存储.搜索和分析操作.通 ...
- linux单机部署kafka(filebeat+elk组合)
filebeat+elk组合之kafka单机部署 准备: kafka下载链接地址:http://kafka.apache.org/downloads.html 在这里下载kafka_2.12-2.10 ...
- Kafka+Zookeeper+Filebeat+ELK 搭建日志收集系统
ELK ELK目前主流的一种日志系统,过多的就不多介绍了 Filebeat收集日志,将收集的日志输出到kafka,避免网络问题丢失信息 kafka接收到日志消息后直接消费到Logstash Logst ...
- docker stack 部署 filebeat
=============================================== 2018/7/21_第3次修改 ccb_warlock 更新 ...
- Filebeat+ELK
Filebeat+ELK filebeat是logstash的升级版,从功能上来说肯定不如logstash,但是logstah比较耗费资源: filebeat安装 暂时依托于window系统 下载fi ...
- FILEBEAT+ELK日志收集平台搭建流程
filebeat+elk日志收集平台搭建流程 1. 整体简介: 模式:单机 平台:Linux - centos - 7 ELK:elasticsearch.logstash.kiban ...
- 使用docker部署filebeat和logstash
想用filebeat读取项目的日志,然后发送logstash.logstash官网有相关的教程,但是docker部署的教程都太简洁了.自己折腾了半天,踩了不少坑,总算是将logstash和filebe ...
随机推荐
- 在Ubuntu中,用mvn打包hadoop源代码时报错,正在解决中!!!
报错信息如下: (各种配置在最后面) hadoop@administrator-virtual-machine:~/Downloads/tar/hadoop-3.0.0-alpha1-src$ mvn ...
- IE6 IE7下li间距、高度不一致问题(转)
http://www.phpddt.com/dhtml/926.html 问题描述:li的高度在IE6 IE7间距高度和其他浏览器不一致,即便设定了高度,IE6,7中,仍比其他浏览器要高. 解决方法: ...
- 刷题总结——you are the one(hdu4283)
题目: The TV shows such as You Are the One has been very popular. In order to meet the need of boys wh ...
- bzoj1433 [ZJOI2009]假期的宿舍 最大流
[ZJOI2009]假期的宿舍 Time Limit: 10 Sec Memory Limit: 162 MBSubmit: 3429 Solved: 1459[Submit][Status][D ...
- mysql 查询死锁语句
我们可以用下面三张表来查原因: innodb_trx ## 当前运行的所有事务 innodb_locks ## 当前出现的锁 innodb_lock_wait ...
- Java-堆排序
public class Main { public static void main(String[] args) { int a[] = {8, 2, 5, 6, 4, 8, 9, 7, 14, ...
- es6总结(七)--proxy & reflect
- Python入门--20--类、对象
OO=Object Oriented 面向对象 python是面向对象的编程语言 OO的特征: 1.封装:把一堆东西都扔到一起,变为一个类 2.继承:假如一个类里面 3.多态:不同的类有相同名称的函数 ...
- [react-router] 平时积累
path通配符: <Route path="/hello/:name"> // 匹配 /hello/michael // 匹配 /hello/ryan <Rout ...
- OS | 冯诺伊曼体系和哈佛体系
冯·诺伊曼结构(von Neumann architecture),也称普林斯顿结构,是一种将程序指令存储器和数据存储器合并在一起的计算机设计概念结构.本词描述的是一种实现通用图灵机的计算设备,以及一 ...