1 Kibana display configuration

https://demo.elastic.co/app/kibana#/dashboard/welcome_dashboard

Start from a clean environment.

Install nginx and httpd-tools.

2 Generate logs with a load-testing tool

[root@node4 ~]# ab -n 100 -c 100 http://192.168.132.134/

This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.132.134 (be patient).....done

Server Software:        nginx/1.16.1
Server Hostname:        192.168.132.134
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   0.011 seconds
Complete requests:      100
Failed requests:        0
Write errors:           0
Total transferred:      84500 bytes
HTML transferred:       61200 bytes
Requests per second:    9071.12 [#/sec] (mean)
Time per request:       11.024 [ms] (mean)
Time per request:       0.110 [ms] (mean, across all concurrent requests)
Transfer rate:          7485.44 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    3   0.5      3       3
Processing:     2    3   1.1      2       5
Waiting:        0    3   1.2      2       5
Total:          4    6   0.7      5       7
WARNING: The median and mean for the total time are not within a normal deviation
        These results are probably not that reliable.

Percentage of the requests served within a certain time (ms)
  50%      5
  66%      6
  75%      6
  80%      7
  90%      7
  95%      7
  98%      7
  99%      7
 100%      7 (longest request)

[root@node4 ~]# tail -f /usr/local/nginx/logs/access.log

192.168.132.181 - - [18/Jan/2020:21:47:23 -0500] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
192.168.132.181 - - [18/Jan/2020:21:47:23 -0500] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"
192.168.132.181 - - [18/Jan/2020:21:47:23 -0500] "GET / HTTP/1.0" 200 612 "-" "ApacheBench/2.3"

3 Install Filebeat

[root@node4 src]# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.5.1-x86_64.rpm

[root@node4 src]# rpm -ivh filebeat-7.5.1-x86_64.rpm

[root@node4 src]# rpm -qc filebeat

[root@node4 src]# cd /etc/filebeat/

[root@node4 filebeat]# cp filebeat.yml /opt/

[root@node4 filebeat]# grep -Ev "^$|[#;]" filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/local/nginx/logs/access.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

[root@node4 filebeat]# systemctl restart filebeat

View the logs in Kibana

Open: http://192.168.132.131:5601/app/kibana

The basic operations were demonstrated in earlier labs; refer to those.

4 Switch the nginx log to JSON format

log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"status":"$status"}';

Add this log format to the nginx configuration.

After a request, the access log contains:

{"@timestamp":"2020-01-18T23:33:57-05:00","host":"192.168.132.134","clientip":"192.168.132.1","size":0,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"192.168.132.134","url":"/index.html","domain":"192.168.132.134","xff":"-","referer":"-","status":"304"}

Install the jq tool

[root@node4 filebeat]# yum -y install jq

[root@node4 ~]# tail -f /usr/local/nginx/logs/access.log |jq .

However, what gets read is still the whole line as a single message.
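The log_format in this section builds JSON by hand around client-supplied values such as $http_referer and $http_x_forwarded_for. The following added example (not from the original page; the two escaping functions are simplified models of nginx's behaviour and the Referer value is constructed) shows that under nginx's default log escaping a double quote in such a value is written as \x22, which is not valid JSON, while declaring the format as log_format access_json escape=json '...' (available since nginx 1.11.8) keeps the line decodable.

```python
import json

# Constructed Referer value containing double quotes (not taken from the page's logs).
SAMPLE_REFERER = 'http://example.test/?q="x"'


def nginx_default_escape(value):
    # Model of nginx's default log escaping: the double quote, the backslash
    # and bytes below 32 or above 126 are written as \xXX.
    return "".join(
        "\\x%02X" % b if b in (0x22, 0x5C) or b < 32 or b > 126 else chr(b)
        for b in value.encode("utf-8")
    )


def nginx_json_escape(value):
    # Model of escape=json: standard JSON string escaping, without the outer quotes.
    return json.dumps(value, ensure_ascii=False)[1:-1]


def render(referer, escape):
    # One access-log line using a subset of the page's access_json fields.
    return ('{"clientip":"192.168.132.1","url":"/index.html",'
            '"referer":"%s","status":"304"}' % escape(referer))


def audit(lines):
    # Split lines into (decoded events, undecodable lines with the parser's reason).
    events, rejected = [], []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError as exc:
            rejected.append((line, exc.msg))
    return events, rejected


if __name__ == "__main__":
    lines = [render(SAMPLE_REFERER, nginx_default_escape),
             render(SAMPLE_REFERER, nginx_json_escape)]
    events, rejected = audit(lines)
    for line, why in rejected:
        print("undecodable:", why, "->", line)
    for event in events:
        print("decoded referer:", event["referer"])
```

Running audit() over the real access.log before pointing Filebeat at it shows whether any request has already produced a line that will not decode into fields.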

5 Have Filebeat parse the lines as JSON

[root@node4 ~]# grep -Ev "^$|[#;]" /etc/filebeat/filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/local/nginx/logs/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
  hosts: ["192.168.132.131:9200","192.168.132.132:9200","192.168.132.133:9200"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

[root@node4 ~]# systemctl restart filebeat

The log lines are now parsed into fields. In the raw document below the decoded fields sit under json, which is where Filebeat leaves them when json.keys_under_root is not in effect; with the option applied they appear at the top level of _source.

Raw data in Elasticsearch

{
  "_index": "filebeat-7.5.1",
  "_type": "_doc",
  "_id": "oq03vG8BcnOPLK2r_2wa",
  "_version": 1,
  "_score": 1,
  "_source": {
    "@timestamp": "2020-01-19T05:13:02.912Z",
    "json": {
      "upstreamtime": "-",
      "host": "192.168.132.134",
      "@timestamp": "2020-01-19T00:13:01-05:00",
      "Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
      "clientip": "192.168.132.1",
      "domain": "192.168.132.134",
      "http_host": "192.168.132.134",
      "status": "304",
      "referer": "-",
      "xff": "-",
      "responsetime": 0,
      "url": "/index.html",
      "size": 0,
      "upstreamhost": "-"
    },
    "input": {
      "type": "log"
    },
    "ecs": {
      "version": "1.1.0"
    },
    "host": {
      "name": "node4",
      "hostname": "node4",
      "architecture": "x86_64",
      "os": {
        "platform": "centos",
        "version": "7 (Core)",
        "family": "redhat",
        "name": "CentOS Linux",
        "kernel": "3.10.0-957.27.2.el7.x86_64",
        "codename": "Core"
      },
      "id": "a833bbe7e3634c75ab1b427c4049d056",
      "containerized": false
    },
    "agent": {
      "ephemeral_id": "bab448ec-726f-48bf-aa62-0b8fe39c2684",
      "hostname": "node4",
      "id": "3d856c84-4859-4b20-a25f-4b6c1a8a8108",
      "version": "7.5.1",
      "type": "filebeat"
    },
    "log": {
      "file": {
        "path": "/usr/local/nginx/logs/access.log"
      },
      "offset": 15601
    }
  }
}

Display in Kibana

That concludes collecting nginx logs in JSON format.
