Before reading this article, please visit
ELK Stack latest Version test an installation chapter
http://jerrymin.blog.51cto.com/3002256/1720109
Detailed configuration is as follows:
One, the client
1,nginx log Format
Log_format Logstash_json ' {"@timestamp": "$time _iso8601", '
' Host ': ' $server _addr ', '
' "ClientIP": "$remote _addr", '
' Size ': $body _bytes_sent, '
' "ResponseTime": $request _time, '
' "Upstreamtime": "$upstream _response_time", '
' "Upstreamhost": "$upstream _addr", '
' "Http_host": "$host", '
' URL ': ' $uri ', '
' "referrer": "$http _referer", '
' "Xff": "$http _x_forwarded_for", '
"Agent": "$http _user_agent", '
' Status ': ' $status '} ';
Access_log/data/wwwlogs/access_jerrymin.test.com.log Logstash_json;
2,fielbeat configuration file
Filebeat:
Prospectors:
-
-/data/wwwlogs/access_jerrymin.test.com.log
Doucmenttype:jerrymin.test.com
Output
Logstash
Enabled:true
Hosts: ["192.168.0.58:5044"]
Shipper
3,topbeat configuration file
Input
# in seconds, defines how often to read server statistics
Period:10
# Regular expression to match the processes is monitored
# By default, all the processes is monitored
Procs: [". *"]
# Statistics to collect (all enabled by default)
Stats
System:true
Proc:true
Filesystem:true
Output
# # Elasticsearch as Output
Elasticsearch
Hosts: ["192.168.0.58:9200"]
Shipper
Logging
Files
rotateeverybytes:10485760 # = 10MB
Second, service-side configuration
1,logstash configuration file
[Email protected] logstash]# Cat/etc/logstash/conf.d/nginxconf.json
Input {
Beats {
Port = 5044
codec = JSON
}
}
Filter {
Mutate {
split = ["Upstreamtime", ","]
}
Mutate {
convert = ["Upstreamtime", "float"]
}
}
Output {
Elasticsearch {
hosts = "192.168.0.58:9200"
Sniffing = True
Manage_template = False
# index = "%{[@metadata][beat]}-%{+yyyy. MM.DD} "
index = "filebeat-%{type}-%{+yyyy. MM.DD} "
Document_type = "%{[@metadata][type]}"
}
}
2,elasticsearch configuration file
[Email protected] logstash]# cat/etc/elasticsearch/elasticsearch.yml |grep-ev "^#|^$"
Path.data:/data
Path.logs:/data/elklogs
network.host:192.168.0.58
http.port:9200
3,kibana configuration file
[Email protected] config]# cat/var/kibana/config/kibana.yml
# Kibana is served by a back end server. This controls the which port to use.
server.port:5601
# The host to bind the server to.
Server.host: "0.0.0.0"
# The Elasticsearch instance to use for all your queries.
Elasticsearch.url: "http://192.168.0.58:9200"
Three, Tengine reverse proxy configuration
Cat/usr/local/nginx/conf/vhosts_all/kibana.conf
Server
{
Listen 8888;
server_name 192.168.0.58
Index index.html index.shtml;
Location/{
Proxy_pass http://localhost:5601;
Proxy_http_version 1.1;
Proxy_set_header Upgrade $http _upgrade;
Proxy_set_header Connection ' upgrade ';
Proxy_set_header Host $host;
Proxy_cache_bypass $http _upgrade;
Auth_basic "Please input Username and Password";
Auth_basic_user_file/usr/local/nginx/conf/.pass_file;
}
Access_log/data/wwwlogs/access.kibana.log access;
}
Four, landing platform
http://192.168.0.58:8888
1, creating an index
2, create a view
3. Create a panel
This article is from the "jerrymin" blog, make sure to keep this source http://jerrymin.blog.51cto.com/3002256/1720110
ELK Stack Latest Version Test two configuration chapter