This article covers collecting nginx logs with ELK.
Format the nginx log as JSON. Note: the keys are user-defined.
    # escape=json (nginx 1.11.8+) JSON-escapes client-supplied values such as
    # the user agent and referer, so a quote in them cannot break the JSON line.
    log_format log_json escape=json '{"@timestamp": "$time_local", '
        '"remote_addr": "$remote_addr", '
        '"referer": "$http_referer", '
        '"request": "$request", '
        '"status": $status, '
        '"bytes": $body_bytes_sent, '
        '"agent": "$http_user_agent", '
        '"x_forwarded": "$http_x_forwarded_for", '
        '"up_addr": "$upstream_addr", '
        '"up_host": "$upstream_http_host", '
        '"up_resp_time": "$upstream_response_time", '
        '"request_time": "$request_time"}';
    access_log /var/log/nginx/access.log log_json;
Restart the service
[root@es1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@es1 ~]# vim /etc/nginx/nginx.conf
[root@es1 ~]# systemctl start nginx
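Configure Logstash. The input section can contain multiple file blocks, and the output section can contain multiple if conditionals that send events to different Elasticsearch hosts.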
    [root@es1 conf.d]# cat nginx.conf
    input {
      # nginx access log, already written as JSON by the log_json format
      file {
        type => "nginxlog"
        path => "/var/log/nginx/access.log"
        start_position => "beginning"
        stat_interval => 5
        codec => "json"
      }
      # system log, plain text
      file {
        type => "messageslog"
        path => "/var/log/messages"
        start_position => "beginning"
        stat_interval => 5
      }
    }
    output {
      # route each event type to its own Elasticsearch host and daily index
      if [type] == "nginxlog" {
        elasticsearch {
          hosts => ["192.168.1.9:9200"]
          index => "logstash-nginx-log-%{+YYYY.MM.dd}"
        }
      }
      if [type] == "messageslog" {
        elasticsearch {
          hosts => ["192.168.1.10:9200"]
          index => "logstash-system-log-%{+YYYY.MM.dd}"
        }
      }
    }
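An added example (not from the original article): a Python check that each access-log line is valid JSON with the keys of the log_json format above, which is what the json codec needs. nginx's default escaping writes a double quote in a client-supplied field as \x22, which JSON parsers reject, while escape=json writes \". The sample lines and function names are constructed for illustration.

```python
import json

# Keys defined by the log_json format on this page.
EXPECTED_KEYS = {
    "@timestamp", "remote_addr", "referer", "request", "status", "bytes",
    "agent", "x_forwarded", "up_addr", "up_host", "up_resp_time", "request_time",
}
NUMERIC_KEYS = ("status", "bytes")  # written unquoted in the log_format

def check_line(line):
    """Return a list of problems for one access-log line (empty list = OK)."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at column {exc.colno}"]
    if not isinstance(event, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    missing = EXPECTED_KEYS - set(event)
    extra = set(event) - EXPECTED_KEYS
    if missing:
        problems.append("missing keys: " + ", ".join(sorted(missing)))
    if extra:
        problems.append("unexpected keys: " + ", ".join(sorted(extra)))
    for key in NUMERIC_KEYS:
        value = event.get(key, 0)
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{key} is not an integer")
    return problems

def audit(lines):
    """Map 1-based line number -> problems, for lines that have any."""
    report = {}
    for number, line in enumerate(lines, start=1):
        problems = check_line(line.strip())
        if problems:
            report[number] = problems
    return report

# Constructed sample lines; only the rendered user agent differs.
_TEMPLATE = ('{"@timestamp": "10/Oct/2023:13:55:36 +0800", "remote_addr": "192.0.2.10", '
             '"referer": "-", "request": "GET / HTTP/1.1", "status": 200, "bytes": 612, '
             '"agent": "%s", "x_forwarded": "-", "up_addr": "-", "up_host": "-", '
             '"up_resp_time": "-", "request_time": "0.000"}')
SAMPLE = [
    _TEMPLATE % "curl/7.61.1",
    _TEMPLATE % r'probe\x22 v1',  # default escaping: '"' written as \x22
    _TEMPLATE % r'probe\" v1',    # escape=json: '"' written as \"
]

if __name__ == "__main__":
    for number, problems in audit(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```

Run against a copy of /var/log/nginx/access.log, any reported line is one the json codec would also fail to parse or that deviates from the expected schema.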
Configure Kibana:
[logstash-nginx-log]-YYYY.MM.DD
Refresh the Kibana index: the first configuration was missing parameters, so Kibana needs to reload the index.