elkstack实战---集中管理nginx访问日志及报表展示
一、nginx访问日志,格式调整为json# cat /opt/config/tengine/nginx.conf |grep json
log_format json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"method":"$request_method",'
'"url":"$request",'
'"clientip":"$http_x_forwarded_for",'
'"protocol":"$server_protocol",'
'"useragent":"$http_user_agent",'
'"referer":"$http_referer",'
'"http_host":"$host",'
'"status":"$status",'
'"size":"$body_bytes_sent",'
'"responsetime":"$request_time",'
'"visitorid":"$51autoVisitorId"}';
二、配置logstash,日志收集、处理、存储
cat /opt/config/logstash/www-nginx-access.conf
input {
file {
path => "/opt/logs/tengine/www.51auto.com.log"
type => "nginx-access"
start_position => "beginning"
codec => "json"
}
}
filter {
mutate {
convert => ["size","float"]
convert => ["status","float"]
}
}
output {
if == "nginx-access" {
elasticsearch {
hosts => ["xxxxx:9200","xxxxx:9200"]
index => "www-nginx-access-%{+YYYY-MM}"
}
}
}
三、elasticseach查看收集上来的索引信息
四、kibana报表展示,是不是很漂亮。。
页:
[1]