Logstash+Kibana日志系统部署配置
Logstash是一个接收,处理,转发日志的工具。支持系统日志,webserver日志,错误日志,应用日志,总之包括所有可以抛出来的日志类型。
典型的使用场景下(ELK):
用Elasticsearch作为后台数据的存储,kibana用来前端的报表展示。Logstash在其过程中担任搬运工的角色,它为数据存储,报表查询和日志解析创建了一个功能强大的管道链。Logstash提供了多种多样的 input,filters,codecs和output组件,让使用者轻松实现强大的功能。
学习Logstash最好的资料就是官网,介绍三个学习地址:
1、ELK官网帮助文档
https://www.elastic.co/guide/en/logstash/5.1/plugins-outputs-stdout.html
下面就正式开始主题~~
logstash部署配置
1、基础环境支持(JAVA)
yum -y install java-1.8* java --version
2、下载解压logstash
logstash-5.0.1.tar.gz tar -zxvf logstash-5.0.1.tar.gz cd logstash-5.0.1 mkdir conf #创建conf文件夹存放配置文件 cd conf
3、配置文件
配置test文件(结合前面搭建好的ES集群测试)
[root@logstash1 conf]# cat test.conf input { stdin { } } output { elasticsearch { hosts =>["172.16.81.133:9200","172.16.81.134:9200"] index => "test-%{+YYYY.MM.dd}" } stdout { codec => rubydebug } } #检查配置文件语法 [root@logstash1 conf]# /opt/logstash-5.0.1/bin/logstash -f /opt/logstash-5.0.1/conf/test.conf --config.test_and_exit Sending Logstash's logs to /opt/logstash-5.0.1/logs which is now configured via log4j2.properties Configuration OK [2017-12-26T11:42:12,816][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validati on Result: OK. Exiting Logstash #执行命令 /opt/logstash-5.0.1/bin/logstash -f /opt/logstash-5.0.1/conf/test.conf 手动输入信息 2017.12.26 admin 172.16.81.82 200 结果: { "@timestamp" => 2017-12-26T03:45:48.926Z, "@version" => "1", "host" => "0.0.0.0", "message" => "2017.12.26 admin 172.16.81.82 200", "tags" => [] } 配置kafka集群的logstash配置文件 客户端logstash推送日志 #配置客户端logstash配置文件 [root@www conf]# cat nginx_kafka.conf input { file { type => "access.log" path => "/var/log/nginx/imlogin.log" start_position => "beginning" } } output { kafka { bootstrap_servers => "172.16.81.131:9092,172.16.81.132:9092" topic_id => 'summer' } }
配置服务端logstash过滤分割日志
[root@logstash1 conf]# cat kafka.conf input { kafka { bootstrap_servers => "172.16.81.131:9092,172.16.81.132:9092" group_id => "logstash" topics => ["summer"] consumer_threads => 50 decorate_events => true } } filter { grok { match => { "message" => "%{NOTSPACE:accessip} \- \- \[%{HTTPDATE:time}\] %{NOTSPACE:auth} %{NOTSPACE:uri_stem} %{NOTSPACE:agent} %{WORD:status} %{NUMBER:bytes} %{NOTSPACE:request_url} %{NOTSPACE:browser} %{NOTSPACE:system} %{NOTSPACE:system_type} %{NOTSPACE:tag} %{NOTSPACE:system}" } } date { match => [ "logdate", "MMM dd YYYY HH:mm:ss" ] } } output { elasticsearch { hosts => ["172.16.81.133:9200","172.16.81.134:9200"] index => "logstash-%{+YYYY.MM.dd}" } }
然后再es集群上观察消费情况
[root@es1 ~]# curl -XGET '172.16.81.134:9200/_cat/indices?v&pretty' health status index uuid pri rep docs.count docs.deleted store.size pri.store.size green open logstash-2017.12.29.03 waZfJChvSY2vcREQgyW7zA 5 1 1080175 0 622.2mb 311.1mb green open logstash-2017.12.29.06 Zm5Jcb3DSK2Ws3D2rYdp2g 5 1 183 0 744.2kb 372.1kb green open logstash-2017.12.29.04 NFimjo_sSnekHVoISp2DQg 5 1 1530 0 2.7mb 1.3mb green open .kibana YN93vVWQTESA-cZycYHI6g 1 1 2 0 22.9kb 11.4kb green open logstash-2017.12.29.05 kPQAlVkGQL-izw8tt2FRaQ 5 1 1289 0 2mb 1mb
配合ES集群的head插件使用!!观察日志生成情况!!
4、kibana安装部署
下载rpm包
kibana-5.0.1-x86_64.rpm
安装kibana软件
rpm -ivh kibana-5.0.1-x86_64.rpm
配置文件
[root@es1 opt]# cat /etc/kibana/kibana.yml | grep -v "^#" | grep -v "^$" server.port: 5601 server.host: "172.16.81.133" elasticsearch.url: "http://172.16.81.133:9200"
启动kibana
systemctl start kibana systemctl enable kibana
浏览器浏览
http://172.16.81.133:5601/
正常显示数据!!
有问题请指出!出现了很多IP地址不知道可以查看本站的文章!
Elasticsearch 教程系列文章:
ElasticSearch 的详细介绍:请点这里
ElasticSearch 的下载地址:请点这里
相关推荐
技术与更多 2020-04-15
goodstudy 2020-08-19
weikaixxxxxx 2020-08-01
liulin0 2020-07-26
AFei00 2020-07-26
娜娜 2020-07-20
偏头痛杨 2020-07-18
winxcoder 2020-07-18
superviser000 2020-06-28
liulin0 2020-06-25
liulin0 2020-06-16
wangfengqingyang 2020-06-11
cullinans 2020-06-09
winxcoder 2020-06-08
citic 2020-06-06
goodstudy 2020-06-05
superviser000 2020-05-30
yuzhongdelei0 2020-05-15
wzhwangzhuohui 2020-05-12