Result

Version: 6.0
Configuring Logstash
Pipeline configuration
Create a new file named filebeats.conf
input {
  #beats {
  #  port => 5044
  #}
  file {
    path => [ "/usr/local/logstash/data/access.log" ]
    start_position => "beginning"
    ignore_older => 0
  }
}
filter {
    # Split the combined-format access log line into named fields (clientip, response, bytes, timestamp, ...)
    grok {
      match => {"message" => "%{COMBINEDAPACHELOG}"}
    }
    # Look up the client IP and build [longitude, latitude] coordinates
    geoip {
      source => "clientip"
      target => "geoip"
      #database => "/usr/local/logstash/GeoLiteCity.dat"
      add_field => ["[geoip][coordinates]", "%{[geoip][longitude]}"]
      add_field => ["[geoip][coordinates]", "%{[geoip][latitude]}"]
    }
    mutate {
      convert => ["[geoip][coordinates]", "float"]
      convert => ["response","integer"]
      convert => ["bytes","integer"]
      replace => {"type" => "nginx_access"}
      remove_field => "message"
    }
    # COMBINEDAPACHELOG stores the request time in "timestamp" (e.g. 10/Oct/2000:13:55:36 -0700);
    # use it as the event time so @timestamp reflects when the request happened
    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
      target => "@timestamp"
      locale => "en"
    }
    mutate {
      remove_field => "timestamp"
    }
}
output {
  elasticsearch {
    index => "logstash-nginx-access-%{+YYYY.MM.dd}"
    hosts => ["192.168.0.166:9200"]
    user => "elastic"
    password => "*cn94mJ?1234~@1="
  }
}

This configuration file only handles a single log file. To collect log data from multiple machines, you can use Beats.
Install the plugins used in the Logstash configuration file
bin/logstash-plugin install logstash-filter-grok
bin/logstash-plugin install logstash-filter-geoip
bin/logstash-plugin install logstash-filter-mutate
bin/logstash-plugin install logstash-filter-date
Start Logstash
bin/logstash -f filebeats.conf
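
To check sample lines against the filter stage before pointing Logstash at a real log, the following added example (not part of the original post) approximates in Python what the grok, mutate and date filters are meant to produce for a combined-format line. The regular expression is an approximation of COMBINEDAPACHELOG, and the function name and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Approximation of the fields %{COMBINEDAPACHELOG} extracts (not the grok pattern itself).
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return the event the filter stage should produce, or a tagged failure."""
    m = COMBINED.match(line.strip())
    if m is None:
        # Logstash keeps unparsed events and tags them; review them rather than drop them.
        return {"message": line, "tags": ["_grokparsefailure"]}
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    # mutate/convert: response and bytes become integers ("-" means no body was sent).
    event["response"] = int(event["response"])
    if event["bytes"] == "-":
        del event["bytes"]
    else:
        event["bytes"] = int(event["bytes"])
    # date: the request time becomes @timestamp in UTC; "timestamp" is removed either way.
    raw_ts = event.pop("timestamp")
    try:
        ts = datetime.strptime(raw_ts, "%d/%b/%Y:%H:%M:%S %z")
        event["@timestamp"] = ts.astimezone(timezone.utc).isoformat()
    except ValueError:
        event["tags"] = ["_dateparsefailure"]
    event["type"] = "nginx_access"
    return event

# Constructed sample lines (documentation IP range), not taken from a real log.
SAMPLES = [
    '203.0.113.7 - - [12/Mar/2018:09:15:02 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.58.0"',
    '203.0.113.7 - - [12/Mar/2018:09:15:03 +0800] "\\x16\\x03\\x01" 400 173 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

The second sample is a non-HTTP request (a TLS handshake sent to a plain HTTP port): it has no verb, so it lands in rawrequest instead of failing the parse, which is worth keeping in mind when building Kibana visualizations on the verb field.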
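Configuring Kibana
Log in to Kibana (http://localhost:5601). Under Management, create a new Index Pattern, and note that the timestamp format must be date.
Then, in Visualize, you can create whatever data presentations you want: bar charts, pie charts, and so on.
Finally, the charts created in the previous step can be collected on a Dashboard.
References: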
- grok
- grokdebug
- mutate
- geoip
- date
- Kibana
                










