ELK Stack最新版本测试二配置篇

阅读本文前请浏览

ELK Stack最新版本测试一安装篇

http://jerrymin.blog.51cto.com/3002256/1720109

详细配置如下：

一，客户端

1，nginx日志格式

log_format logstash_json '{ "@timestamp": "$time_iso8601", '                          '"host": "$server_addr", '                          '"clientip": "$remote_addr", '                          '"size": $body_bytes_sent, '                          '"responsetime": $request_time, '                          '"upstreamtime": "$upstream_response_time", '                          '"upstreamhost": "$upstream_addr", '                          '"http_host": "$host", '                          '"url": "$uri", '                          '"referrer": "$http_referer", '                          '"xff": "$http_x_forwarded_for", '                          '"agent": "$http_user_agent", '                          '"status": "$status"} ';

    access_log  /data/wwwlogs/access_jerrymin.test.com.log  logstash_json;

2，fielbeat配置文件

filebeat:

  prospectors:

    -

        - /data/wwwlogs/access_jerrymin.test.com.log

        doucmenttype:jerrymin.test.com

output:

  logstash:

    enabled: true

    hosts: ["192.168.0.58:5044"]

shipper:

3，topbeat配置文件

input:   # In seconds, defines how often to read server statistics   period: 10   # Regular expression to match the processes that are monitored   # By default, all the processes are monitored   procs: [".*"]   # Statistics to collect (all enabled by default)   stats:     system: true     proc: true

    filesystem: true

output:   ### Elasticsearch as output

  elasticsearch:

    hosts: ["192.168.0.58:9200"]

shipper:

logging:

  files:

    rotateeverybytes: 10485760 # = 10MB

二，服务端配置

1，logstash配置文件

[root@localhost logstash]# cat /etc/logstash/conf.d/nginxconf.json

input {   beats {     port => 5044     codec => json   } } filter {     mutate {         split => [ "upstreamtime", "," ]     }     mutate {         convert => [ "upstreamtime", "float" ]     } } output {   elasticsearch {     hosts => "192.168.0.58:9200"     sniffing => true     manage_template => false

    # index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

    index => "filebeat-%{type}-%{+YYYY.MM.dd}"

    document_type => "%{[@metadata][type]}"   }

}

2，elasticsearch配置文件

[root@localhost logstash]# cat /etc/elasticsearch/elasticsearch.yml |grep -Ev "^#|^$" path.data: /data path.logs: /data/elklogs network.host: 192.168.0.58

http.port: 9200

3，kibana配置文件

[root@localhost config]# cat /var/kibana/config/kibana.yml # Kibana is served by a back end server. This controls which port to use. server.port: 5601 # The host to bind the server to. server.host: "0.0.0.0" # The Elasticsearch instance to use for all your queries.

elasticsearch.url: "http://192.168.0.58:9200"

三，Tengine反向代理配置

cat /usr/local/nginx/conf/vhosts_all/kibana.conf server {     listen 8888;     server_name  192.168.0.58     index       index.html index.shtml;     location / {         proxy_pass http://localhost:5601;         proxy_http_version 1.1;         proxy_set_header Upgrade $http_upgrade;         proxy_set_header Connection 'upgrade';         proxy_set_header Host $host;         proxy_cache_bypass $http_upgrade;               auth_basic "Please input Username and Password";        auth_basic_user_file /usr/local/nginx/conf/.pass_file;     }     access_log  /data/wwwlogs/access.kibana.log  access;

}

四，登陆平台

http://192.168.0.58:8888

1，创建索引

wKioL1ZyFgjxBcHOAADiQbeEHoY485.png

2，创建视图

wKioL1ZyFh-RaoeHAADBXkPxxcU100.png

3，创建面板

wKioL1ZyFjeAGK4WAAD7OimdHzA557.png