监控Nginx日志
仅仅列了filter配置块,input与output参考上一个配置
filter {
grok {
match => {
"message" => "%{HTTPD_COMBINEDLOG} \"%{DATA:realclient}\""
}
remove_field => "message"
}
date {
match => ["timestamp","dd/MMM/YYYY:H:m:s Z"]
remove_field => "timestamp"
}
}
监控Tomcat
仅仅列了filter配置块,input与output参考上一个配置
filter {
grok {
match => {
"message" => "%{HTTPD_COMMONLOG}"
}
remove_field => "message"
}
date {
match => ["timestamp","dd/MMM/YYYY:H:m:s Z"]
remove_field => "timestamp"
}
}
五、Kibana
现在已经搭建成在节点安装Logstash并发送到Elasticsearch中去,但是一直使用Head插件来查询、搜索数据也是极其不方便的。最后一步就是用一个更好的图形化展示界面来展示这些数据,那就是Kibana,还是将他放到下一篇文章吧
