55 logstash应用详解ELK Stack



01 logstash应用详解


配置环境:

node3 192.168.1.133 CentOS Linux release 7.2

node4 192.168.1.134 CentOS Linux release 7.2


[[email protected] ~]# cd /etc/logstash/conf.d/

[[email protected] conf.d]# vim filesample.conf

# filesample.conf: tail /var/log/messages and print every event to stdout
# in the rubydebug format, for checking that the file input works at all.
input {
    file {
        type           => "system"
        path           => ["/var/log/messages"]
        start_position => "beginning"
    }
}

output {
    stdout {
        codec => rubydebug
    }
}


[[email protected] conf.d]# logstash -f filesample.conf --configtest

Configuration OK



[[email protected] ~]# rpm -ivh epel-release-latest-7.noarch.rpm 

[[email protected] ~]# yum -y install collectd  

[[email protected] ~]# vim /etc/collectd.conf

修改

#Hostname    "localhost"

Hostname    "node3"

修改

#LoadPlugin df

LoadPlugin df #监控磁盘

修改

#LoadPlugin network

LoadPlugin network

在 <Plugin netlink> 段之后添加以下内容:

# Ship collectd metrics to the logstash udp input on node4
# (port 25826 matches the udpsample.conf listing below).
<Plugin network>

    # NOTE(review): this is plain UDP with no signing or encryption; on an
    # untrusted network the <Server> block's SecurityLevel / Username /
    # Password options are worth enabling — confirm the receiving collectd
    # codec in logstash is configured to match before turning them on.
    <Server "192.168.1.134" "25826">

    </Server>

</Plugin>

[[email protected] ~]# systemctl start collectd.service 


[[email protected] conf.d]# vim udpsample.conf

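# udpsample.conf: receive collectd's binary protocol on UDP/25826 and print
# each decoded metric to stdout.
input {
    udp {
        # Must match the port in collectd's <Server "192.168.1.134" "25826"> block.
        port  => 25826
        codec => collectd {}
        type  => "collectd"
        # The udp input binds every interface unless `host` is set; on a
        # multi-homed box restrict it to the address collectd sends to.
    }
}

output {
    stdout {
        codec => rubydebug
    }
}
# The closing brace of the output block was missing from the original
# listing; --configtest would not have reported "Configuration OK" without it.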

[[email protected] conf.d]# logstash -f udpsample.conf --configtest

Configuration OK

[[email protected] conf.d]# logstash -f udpsample.conf

[[email protected] conf.d]# yum -y install httpd

[[email protected] conf.d]# systemctl start httpd.service

[[email protected] conf.d]# vim groksample.conf

# groksample.conf: read one line at a time from stdin, split it into
# clientip / method / request / bytes / duration with grok, and print the
# resulting event to stdout.
input {
    stdin {}
}

filter {
    grok {
        # Sample input that matches: "1.1.1.1 GET /index.html 30 0.23"
        match => {
            "message" => "%{IP:clientip} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}"
        }
    }
}

output {
    stdout {
        codec => rubydebug
    }
}

[[email protected] conf.d]# logstash -f groksample.conf --configtest

Configuration OK

[[email protected] conf.d]# logstash -f groksample.conf

Logstash startup completed

1.1.1.1 GET /index.html 30 0.23

{

       "message" => "1.1.1.1 GET /index.html 30 0.23",

      "@version" => "1",

    "@timestamp" => "2017-01-03T13:37:24.978Z",

          "host" => "node4",

      "clientip" => "1.1.1.1",

        "method" => "GET",

       "request" => "/index.html",

         "bytes" => "30",

      "duration" => "0.23"

}


[[email protected] conf.d]# vim apachelogsample.conf

# apachelogsample.conf: tail the httpd access log, parse each line with the
# built-in COMBINEDAPACHELOG pattern and print the event to stdout.
input {
    file {
        type           => "apachelog"
        path           => ["/var/log/httpd/access_log"]
        start_position => "beginning"
    }
}

filter {
    grok {
        match => {
            "message" => "%{COMBINEDAPACHELOG}"
        }
    }
}

output {
    stdout {
        codec => rubydebug
    }
}


[[email protected] conf.d]# logstash -f apachelogsample.conf --configtest

Configuration OK   


[[email protected] conf.d]# vim /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.3.0/patterns/grok-patterns

在末尾添加

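# nginx Logs
NGUSERNAME [a-zA-Z\.\@\-\+_%]+
NGUSER %{NGUSERNAME}
# Two fixes against the original listing: the user-agent field is a quoted
# string, so it uses %{QS:agent} (the original %{OS:agent} refers to a pattern
# that is not defined in the bundled grok-patterns, so the expression would
# fail to compile), and the trailing blanks after http_x_forwarded_for were
# dropped because they may be kept as part of the regex while no access.log
# line ends in spaces.
NGINXACCESS %{IPORHOST:clientip} - %{NOTSPACE:remote_user} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent} %{NOTSPACE:http_x_forwarded_for}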


[[email protected] conf.d]# systemctl stop httpd.service

[[email protected] conf.d]# yum -y install nginx

[[email protected] conf.d]# systemctl start nginx.service

[[email protected] conf.d]# cd /var/log/nginx/

[[email protected] nginx]# ls

access.log  error.log

[[email protected] nginx]# tail access.log 

192.168.1.204 - - [03/Jan/2017:22:18:03 +0800] "GET / HTTP/1.1" 200 3700 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C)" "-"

192.168.1.204 - - [03/Jan/2017:22:18:03 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://192.168.1.134/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C)" "-"

192.168.1.204 - - [03/Jan/2017:22:18:03 +0800] "GET /poweredby.png HTTP/1.1" 200 2811 "http://192.168.1.134/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C)" "-"

[[email protected] conf.d]# cd -

[[email protected] conf.d]# cp apachelogsample.conf nginxlogsample.conf  

[[email protected] conf.d]# vim nginxlogsample.conf 

# nginxlogsample.conf: tail the nginx access log, parse each line with the
# NGINXACCESS pattern appended to grok-patterns above, and print the event.
input {
    file {
        type           => "nginxlog"
        path           => ["/var/log/nginx/access.log"]
        start_position => "beginning"
    }
}

filter {
    grok {
        match => {
            "message" => "%{NGINXACCESS}"
        }
    }
}

output {
    stdout {
        codec => rubydebug
    }
}


[[email protected] conf.d]# logstash -f nginxlogsample.conf 


02 ELK Stack


[[email protected] ~]# yum install redis

[[email protected] ~]# vim /etc/redis.conf 

修改 bind 地址(注意: bind 0.0.0.0 会让 Redis 在所有网卡上监听,而本文没有设置 requirepass,应通过防火墙限制来源或只绑定内网地址):

bind 127.0.0.1

bind 0.0.0.0

[[email protected] ~]# systemctl start redis.service

[[email protected] ~]# redis-cli

127.0.0.1:6379> help

redis-cli 2.8.19

Type: "help @<group>" to get a list of commands in <group>

      "help <command>" for help on <command>

      "help <tab>" to get a list of possible help topics

      "quit" to exit


[[email protected] ~]# cd /etc/logstash/conf.d/

[[email protected] conf.d]# cp nginxlogsample.conf nglogredissample.conf

[[email protected] conf.d]# vim nglogredissample.conf 

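# nglogredissample.conf: parse nginx access.log with the custom NGINXACCESS
# pattern and push each event onto a redis list, from which server.conf on
# the indexing node reads it.
input {
    file {
        path           => ["/var/log/nginx/access.log"]
        type           => "nginxlog"
        start_position => "beginning"
    }
}

filter {
    grok {
        match => { "message" => "%{NGINXACCESS}" }
    }
}

output {
    redis {
        host      => ["127.0.0.1"]
        port      => 6379
        data_type => "list"
        # Field references are written %{field}; the original "logstash-%[type]"
        # was not interpolated, so the list would have been named literally and
        # server.conf's key "logstash-nginxlog" would never have received an event.
        key       => "logstash-%{type}"
    }
}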

[[email protected] conf.d]# logstash -f nglogredissample.conf --configtest

Configuration OK

 

[[email protected] ~]# vim /etc/profile.d/java.sh

export JAVA_HOME=/usr

[[email protected] ~]# yum install -y logstash-1.5.4-1.noarch.rpm 

[[email protected] ~]# cd /etc/logstash/conf.d/

[[email protected] conf.d]# vim server.conf

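# server.conf (first version): pop nginx events from the redis list filled by
# nglogredissample.conf and print them to stdout to verify the pipeline.
input {
    redis {
        # Redis listens on 6379 (see the redis-cli prompt and the redis output
        # above); the "6370" in the original listing was a typo and would never connect.
        port      => 6379
        host      => "192.168.1.134"
        data_type => "list"
        key       => "logstash-nginxlog"
        # Redis is bound to 0.0.0.0 with no requirepass in this setup; if a
        # password is later configured, set `password` here to match.
    }
}

output {
    stdout {
        codec => rubydebug
    }
}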


[[email protected] conf.d]# vim /etc/profile.d/logstash.sh

export PATH=/opt/logstash/bin:$PATH

[[email protected] conf.d]# . /etc/profile.d/logstash.sh

[[email protected] conf.d]# logstash -f server.conf --configtest

Configuration OK


[[email protected] ~]# yum makecache

[[email protected] ~]# yum install java-1.7.0-openjdk-devel.x86_64 

[[email protected] ~]# vim /etc/profile.d/java.sh

export JAVA_HOME=/usr

[[email protected] ~]# yum install elasticsearch-1.7.2.noarch.rpm -y

[[email protected] ~]# vim /etc/elasticsearch/elasticsearch.yml

修改

#cluster.name: elasticsearch

cluster.name: loges

修改

#node.name: "Franz Kafka"

node.name: "node1"

[[email protected] ~]# systemctl daemon-reload

[[email protected] ~]# systemctl start elasticsearch.service

[[email protected] ~]# /usr/share/elasticsearch/bin/plugin -i bigdesk -u file:///root/bigdesk-latest.zip 

[[email protected] ~]# tar xf kibana-4.1.2-linux-x64.tar.gz -C /usr/local/

[[email protected] ~]# cd /usr/local/

[[email protected] local]# ln -s kibana-4.1.2-linux-x64/ kibana

[[email protected] local]# cd kibana

[[email protected] kibana]# ls

bin  config  LICENSE.txt  node  plugins  README.txt  src

[[email protected] kibana]# cd config/

[[email protected] config]# vim kibana.yml 

修改

elasticsearch_url: "http://localhost:9200"

elasticsearch_url: "http://192.168.1.131:9200"


#启动  

[[email protected] kibana]# /usr/local/kibana/bin/kibana 


[[email protected] conf.d]# vim server.conf 

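# server.conf (final version): pop nginx events from the redis list and index
# them into the "loges" elasticsearch cluster, one index per day.
input {
    redis {
        # Redis listens on 6379 (see the redis-cli prompt and the redis output
        # above); the "6370" in the original listing was a typo and would never connect.
        port      => 6379
        host      => "192.168.1.134"
        data_type => "list"
        key       => "logstash-nginxlog"
        # Redis is bound to 0.0.0.0 with no requirepass in this setup; if a
        # password is later configured, set `password` here to match.
    }
}

output {
    elasticsearch {
        # Must equal cluster.name in /etc/elasticsearch/elasticsearch.yml.
        cluster => "loges"
        index   => "logstash-%{+YYYY.MM.dd}"
    }
}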

[[email protected] conf.d]# logstash -f server.conf --configtest

Configuration OK

[[email protected] conf.d]# logstash -f server.conf


[[email protected] ~]# curl -XGET 'localhost:9200/_cat/indices'

yellow open .kibana 1 1 1 0 2.4kb 2.4kb 


该节视频到71:55(65382)由于错误太多无法继续进行


本文出自 “追梦” 博客,请务必保留此出处http://sihua.blog.51cto.com/377227/1889869
