nginx日志收集
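# cat /data/PRG/logstash/conf.d/filter.conf
#### Pipeline: receive events from Beats, parse nginx access-log lines with grok,
#### index them into Elasticsearch and print a debug copy on stdout.
input {
  #### No ssl settings are given, so Beats traffic to port 10200 is unencrypted and
  #### unauthenticated. Restrict the port to the shipper hosts or enable the input's
  #### ssl options (ssl, ssl_certificate, ssl_key).
  beats {
    port => 10200
  }
}

filter {
  grok {
    #### NOTE(review): match is set twice for the same field. The documented form for
    #### trying several patterns is a single match with an array of patterns; confirm
    #### that both patterns are applied on the Logstash version in use.
    ####
    #### params stores the raw query string. Query strings can carry tokens or personal
    #### data, so limit who can read the index or mask the field.
    #### client_ip / proxy_server are presumably taken from X-Forwarded-For, which the
    #### client can set; rely on remote_addr when the source address matters
    #### (confirm against the nginx log_format).
    ####
    #### Pattern 1: lines where the three columns before server_ip are a literal "-".
    match => { message => "%{IPORHOST:remote_addr} , \[%{HTTPDATE:timestamp}\] , %{IPORHOST:http_host} , \"%{WORD:http_verb} (?:%{PATH:baseurl}\?%{NOTSPACE:params}|%{DATA:raw_http_request})\" , %{NUMBER:http_status_code} , %{NUMBER:bytes_read} , %{QS:referrer} , %{QS:agent} , \"%{IPORHOST:client_ip}, %{IPORHOST:proxy_server}\" , - , - , - , %{IPORHOST:server_ip} , %{BASE10NUM:request_duration}" }
    #### Pattern 2: lines where those columns hold values. They and the following
    #### address are matched without field names, so of the trailing columns only
    #### request_duration becomes a field.
    match => { message => "%{IPORHOST:remote_addr} , \[%{HTTPDATE:timestamp}\] , %{IPORHOST:http_host} , \"%{WORD:http_verb} (?:%{PATH:baseurl}\?%{NOTSPACE:params}|%{DATA:raw_http_request})\" , %{NUMBER:http_status_code} , %{NUMBER:bytes_read} , %{QUOTEDSTRING:referrer} , %{QS:agent} , \"%{IPORHOST:client_ip}, %{IPORHOST:proxy_server}\" , %{IPORHOST}:%{INT} , %{INT} , %{BASE10NUM} , %{IPORHOST} , %{BASE10NUM:request_duration}" }
  }
}

output {
  elasticsearch {
    #### No ssl/cacert is set, so the user and password below are sent to the cluster
    #### over plain HTTP. Enable TLS on Elasticsearch and set ssl => true with cacert.
    hosts => ["192.168.62.200:9200"]
    index => "operation-%{+YYYY.MM.dd}"
    document_type => "nginx2"
    user => 'admin'          #### Elasticsearch username, created with the X-Pack plugin
    password => 'kbsonlong'  #### Elasticsearch password
    #### NOTE(review): the password is stored in clear text in this file. Keep
    #### filter.conf readable only by the Logstash service account and prefer a ${VAR}
    #### environment reference over a literal. 'admin' is presumably an administrative
    #### account; a dedicated user limited to writing operation-* indices is safer.
  }
  #### Debug copy of every parsed event. Remove it outside of testing, otherwise the
  #### full events (including params) also end up in Logstash's own output.
  stdout {
    codec => rubydebug
  }
}

六、 安装kibana
# cd /data/PRG/
#### Verify the archive against the vendor's published checksum before unpacking.
# tar zxvf /data/elk5.0/kibana-5.0.2-linux-x86_64.tar.gz
# mv kibana-5.0.2-linux-x86_64 kibana
#### Dedicated account with no login shell (the option must be an ASCII "-s").
# useradd kibana -s /sbin/nologin
#### -R so that the extracted files, not only the top directory, belong to kibana.
# chown -R kibana:kibana /data/PRG/kibana
添加启动脚本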