ELK Stack Latest Version Test two configuration chapter

Before reading this article, please visit

ELK Stack latest Version test an installation chapter

http://jerrymin.blog.51cto.com/3002256/1720109

Detailed configuration is as follows:

One, the client

1,nginx log Format

Log_format Logstash_json ' {"@timestamp": "$time _iso8601", '
' Host ': ' $server _addr ', '
' "ClientIP": "$remote _addr", '
' Size ': $body _bytes_sent, '
' "ResponseTime": $request _time, '
' "Upstreamtime": "$upstream _response_time", '
' "Upstreamhost": "$upstream _addr", '
' "Http_host": "$host", '
' URL ': ' $uri ', '
' "referrer": "$http _referer", '
' "Xff": "$http _x_forwarded_for", '
"Agent": "$http _user_agent", '
' Status ': ' $status '} ';

Access_log/data/wwwlogs/access_jerrymin.test.com.log Logstash_json;

2,fielbeat configuration file

Filebeat:

Prospectors:

-

-/data/wwwlogs/access_jerrymin.test.com.log

Doucmenttype:jerrymin.test.com

Output

Logstash

Enabled:true

Hosts: ["192.168.0.58:5044"]

Shipper

3,topbeat configuration file

Input
# in seconds, defines how often to read server statistics
Period:10

# Regular expression to match the processes is monitored
# By default, all the processes is monitored
Procs: [". *"]

# Statistics to collect (all enabled by default)
Stats
System:true
Proc:true

Filesystem:true

Output

# # Elasticsearch as Output

Elasticsearch

Hosts: ["192.168.0.58:9200"]

Shipper

Logging

Files

rotateeverybytes:10485760 # = 10MB

Second, service-side configuration

1,logstash configuration file

[Email protected] logstash]# Cat/etc/logstash/conf.d/nginxconf.json

Input {
Beats {
Port = 5044
codec = JSON
}
}

Filter {
Mutate {
split = ["Upstreamtime", ","]
}
Mutate {
convert = ["Upstreamtime", "float"]
}
}

Output {
Elasticsearch {
hosts = "192.168.0.58:9200"
Sniffing = True
Manage_template = False

# index = "%{[@metadata][beat]}-%{+yyyy. MM.DD} "

index = "filebeat-%{type}-%{+yyyy. MM.DD} "

Document_type = "%{[@metadata][type]}"
}

}

2,elasticsearch configuration file

[Email protected] logstash]# cat/etc/elasticsearch/elasticsearch.yml |grep-ev "^#|^$"
Path.data:/data
Path.logs:/data/elklogs
network.host:192.168.0.58

http.port:9200

3,kibana configuration file

[Email protected] config]# cat/var/kibana/config/kibana.yml
# Kibana is served by a back end server. This controls the which port to use.
server.port:5601

# The host to bind the server to.
Server.host: "0.0.0.0"

# The Elasticsearch instance to use for all your queries.

Elasticsearch.url: "http://192.168.0.58:9200"

Three, Tengine reverse proxy configuration

Cat/usr/local/nginx/conf/vhosts_all/kibana.conf
Server
{
Listen 8888;
server_name 192.168.0.58
Index index.html index.shtml;

Location/{
Proxy_pass http://localhost:5601;
Proxy_http_version 1.1;
Proxy_set_header Upgrade $http _upgrade;
Proxy_set_header Connection ' upgrade ';
Proxy_set_header Host $host;
Proxy_cache_bypass $http _upgrade;
Auth_basic "Please input Username and Password";
Auth_basic_user_file/usr/local/nginx/conf/.pass_file;
}

Access_log/data/wwwlogs/access.kibana.log access;

}

Four, landing platform

http://192.168.0.58:8888

1, creating an index

2, create a view

3. Create a panel

This article is from the "jerrymin" blog, make sure to keep this source http://jerrymin.blog.51cto.com/3002256/1720110

ELK Stack Latest Version Test two configuration chapter