Modify the nginx configuration
Switch the nginx log to JSON format: add the following to nginx.conf, then restart nginx.
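# escape=json (nginx 1.11.8 and later) JSON-escapes quotes, backslashes and control
# characters in client-supplied values such as User-Agent and Referer.
# The format only takes effect where an access_log directive names log_json.
log_format log_json escape=json '{"@timestamp":"$time_iso8601",'
                    '"http_host":"$http_host",'
                    '"clientip":"$remote_addr",'
                    '"request":"$request",'
                    '"status":"$status",'
                    '"size":"$body_bytes_sent",'
                    '"upstream_addr":"$upstream_addr",'
                    '"upstream_status":"$upstream_status",'
                    '"upstream_response_time":"$upstream_response_time",'
                    '"request_time":"$request_time",'
                    '"http_referer":"$http_referer",'
                    '"http_user_agent":"$http_user_agent",'
                    '"http_x_forwarded_for":"$http_x_forwarded_for"}';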
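Install Logstash
Open the China download mirror https://mirrors.huaweicloud.com/logstash/ and pick the version you want for your operating system. On my CentOS 7 machine I downloaded the rpm package and installed it with rpm -ivh logstash-7.17.2-x86_64.rpm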

Add the Logstash configuration
Go to /etc/logstash/conf.d and add an nginx.conf configuration. Note that the index name must start with logstash for the map visualization to work properly.
input {
  file {
    path => "/www/wwwlogs/*access"
    start_position => "end"
    exclude => "*.gz"
    type => "access_log"
  }
  file {
    path => "/www/wwwlogs/*error"
    start_position => "end"
    exclude => "*.gz"
    type => "error_log"
  }
}
filter {
  # Only the access log is JSON; error log lines are shipped unparsed.
  if [type] == "access_log" {
    json {
      source => "message"
    }
    # Fall back to the combined format for lines that are not JSON.
    if "_jsonparsefailure" in [tags] {
      grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
      }
    }
    geoip {
      source => "clientip"
      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb"
      add_field => ["[geoip][coordinates]","%{[geoip][longitude]}"] # longitude
      add_field => ["[geoip][coordinates]","%{[geoip][latitude]}"] # latitude
      # longitude and latitude must be listed here, or the references above stay unresolved
      fields => ["country_name","region_name","location","longitude","latitude"]
    }
    mutate {
      convert => { "[geoip][coordinates]" => "float" } # convert the coordinates to float
    }
  }
}
output {
  #stdout {
  #  codec => rubydebug
  #}
  if "access_log" in [type] {
    elasticsearch {
      hosts => ["10.128.0.116:9200"]
      index => "logstash-nginx-access-%{+YYYY.MM.dd}"
    }
  }
  if "error_log" in [type] {
    elasticsearch {
      hosts => ["10.128.0.116:9200"]
      index => "logstash-nginx-error-%{+YYYY.MM.dd}"
    }
  }
}
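A pre-flight check for lines written in the log_json format, added here as an example (not part of the original article): it reports lines the json filter cannot parse, for instance when nginx's default escaping writes a quote in the User-Agent as \x22, and client addresses that geoip cannot locate. The name check_line and the sample lines are constructed for illustration.

```python
import ipaddress
import json

# Keys written by the log_json format in the nginx section of this page.
EXPECTED_KEYS = {
    "@timestamp", "http_host", "clientip", "request", "status", "size",
    "upstream_addr", "upstream_status", "upstream_response_time",
    "request_time", "http_referer", "http_user_agent", "http_x_forwarded_for",
}

def check_line(line):
    """Return the problems that would affect the json and geoip filters."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON ({exc.msg}); Logstash tags it _jsonparsefailure"]
    if not isinstance(event, dict):
        return ["invalid JSON document: not an object"]
    problems = []
    missing = EXPECTED_KEYS - set(event)
    if missing:
        problems.append("missing keys: " + ", ".join(sorted(missing)))
    extra = set(event) - EXPECTED_KEYS
    if extra:
        problems.append("unexpected keys: " + ", ".join(sorted(extra)))
    try:
        ip = ipaddress.ip_address(str(event.get("clientip", "")))
        if not ip.is_global:
            problems.append(f"clientip {ip} is not a public address; geoip has no data for it")
    except ValueError:
        problems.append("clientip is not an IP address")
    return problems

# Constructed sample lines (not taken from a real server).
_good = {key: "-" for key in EXPECTED_KEYS}
_good.update(clientip="8.8.8.8", status="200", http_user_agent='curl "test"')
SAMPLES = {
    "escape=json": json.dumps(_good),
    # nginx's default escaping writes a double quote as \x22, which JSON rejects.
    "default escaping": json.dumps(_good).replace('\\"', '\\x22'),
    "private client": json.dumps({**_good, "clientip": "10.128.0.5"}),
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, "->", check_line(line) or "ok")
```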
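Install Elasticsearch and Kibana
Same method as above; work it out yourself. Remember to tune Kibana's startup memory and Elasticsearch's jvm.options so that things do not get too sluggish.
Configure Kibana
Original article, author: ItWorker. If you repost it, please credit the source: https://blog.ytso.com/tech/aiops/280889.html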