Logstash收集Nginx访问日志(2)

#添加nginx日志格式到之前logstash的elk-log.yml
[root@elk-node1 ~]# cat /etc/logstash/conf.d/elk_log.conf
input {
    file {
      path => "/var/log/messages"
      type => "system"
      start_position => "beginning"
    }
    file {
      path => "/var/log/elasticsearch/hejianlai.log"
      type => "es-error"
      start_position => "beginning"
      codec => multiline {
          pattern => "^\["
          negate => true
          what => "previous"
        }
    }
      file {
      path => "/var/log/nginx/access_json.log"
      codec => json
      start_position => "beginning"
      type => "nginx-log"
    }
}
output {
   
    if [type] == "system"{
        elasticsearch {
          hosts => ["192.168.247.135:9200"]
          index => "systemlog-%{+YYYY.MM.dd}"
        }
    }
 
    if [type] == "es-error"{
        elasticsearch {
          hosts => ["192.168.247.135:9200"]
          index => "es-error-%{+YYYY.MM.dd}"
        }
    }
      if [type] == "nginx-log"{
        elasticsearch {
          hosts => ["192.168.247.135:9200"]
          index => "nginx-log-%{+YYYY.MM.dd}"
        }
    }
}

 #添加--configtest参数检查配置语法是否有误！！！
[root@elk-node1 ~]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf --configtest
Configuration OK
#把之前后台运行的进程kill掉重启：
[root@elk-node1 ~]# ps aux|grep elk
root      3248  0.8  6.0 3632960 234924 pts/2  Sl  11:25  1:10 /usr/local/java/jdk1.8.0_171/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Xmx1g -Xss2048k -Djffi.boot.library.path=/opt/logstash/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/logstash/heapdump.hprof -Xbootclasspath/a:/opt/logstash/vendor/jruby/lib/jruby.jar -classpath ::/usr/local/java/jdk1.8.0_171/lib:/usr/local/java/jdk1.8.0_171/jre/lib -Djruby.home=/opt/logstash/vendor/jruby -Djruby.lib=/opt/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /opt/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f /etc/logstash/conf.d/elk_log.conf
root      8135  0.0  0.0 112704  976 pts/0    S+  13:38  0:00 grep --color=auto elk
[root@elk-node1 ~]# kill -9 3248
You have new mail in /var/spool/mail/root
[root@elk-node1 ~]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/elk_log.conf &
[1] 8178

kibana添加nginx日志

首先在es插件中我们能看到nginx-log的索引

 设置kibana

Linux公社的RSS地址：https://www.linuxidc.com/rssFeed.aspx