配置文件

logstash

root@ubuntu75:/etc/logstash# egrep -v "#|^$" /etc/logstash/logstash.yml
# Directory Logstash uses for its persistent data.
path.data: /var/lib/logstash
# Pipeline definitions are read from this directory; the input, filter and
# output files listed under /etc/logstash/conf.d belong to it.
path.config: /etc/logstash/conf.d
# Logstash's own log files.
path.logs: /var/log/logstash

logstash conf

root@ubuntu75:/etc/elasticsearch# cat /etc/logstash/conf.d/filter.conf
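filter {
  # Only events the shipper marked as nginx access logs are parsed here.
  if [type] == "nginx-access" {
    # Each access-log line is expected to be one JSON object. Parts of that
    # line are client-controlled (URI, referer, user agent, ...), so a line
    # that is not valid JSON is possible. The json filter then tags the event
    # _jsonparsefailure and extracts no fields. Monitor that tag: unparsed
    # events are invisible to every field-based search or alert.
    json {
      source => "message"
      remove_field => [ "Arg0","Arg1","Arg2","Arg3","Arg4","Arg5","Arg6","Arg7","Arg8","Arg9","Arg10" ]
    }

    # split and convert stay in separate mutate blocks on purpose: inside a
    # single mutate, convert is applied before split whatever the written order.
    mutate {
      split => [ "upstreamtime", "," ]
    }
    mutate {
      convert => [ "upstreamtime", "float" ]
    }
    # NOTE(review): the nginx JSON log_format shown on this page emits
    # "upstream_response_time", not "upstreamtime". Confirm which field name
    # the shipped logs carry; if it differs, both mutate blocks do nothing.
  }
}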
root@ubuntu75:/etc/elasticsearch# cat /etc/logstash/conf.d/input.conf
input {
 # Accepts events from Beats shippers on TCP 5044. No host is set, so the
 # plugin's default bind address applies (all interfaces by default; confirm
 # for the installed version). No ssl options are set either, so events travel
 # unencrypted and any sender that can reach the port can submit events.
 # Restrict 5044 with a firewall, and enable the plugin's ssl settings
 # (ssl, ssl_certificate, ssl_key) when shippers run on other hosts.
 beats {
   port => 5044
  }
}
root@ubuntu75:/etc/elasticsearch# cat /etc/logstash/conf.d/output.conf
output {

# Only nginx access events are indexed; this file sends events of any other
# type nowhere.
if [type] == "nginx-access" {
  elasticsearch {
    # Plain HTTP to the local node, with no user/password configured here:
    # this relies on Elasticsearch accepting unauthenticated writes.
    hosts => "127.0.0.1:9200"
    # The index name has no date component, so with the condition above every
    # event lands in the single index "logstash-nginx-access".
    index => "logstash-%{type}"
    document_type => "%{type}"
    sniffing => false
    # Logstash does not install an index template; field mappings come from
    # whatever template or dynamic mapping already exists in the cluster.
    manage_template => false
    flush_size => 20000
    idle_flush_time => 10
    # NOTE(review): presumably has no effect while manage_template is false.
    # Also confirm document_type, flush_size and idle_flush_time are still
    # accepted by the installed plugin version before upgrading.
    template_overwrite => true
  }
}
}

elasticsearch

root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: my-elk-cluster
node.name: node-1
path.data: /data/es-data
# Binds the HTTP API (9200) and the transport port (9300 by default) to every
# interface. Nothing in this file enables authentication or TLS, so any host
# that can route to this machine can read, write and delete indices unless a
# firewall limits those ports. The nginx basic-auth proxies on this page front
# Kibana and elasticsearch-head only; they do not cover 9200.
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.174.217.111","10.174.214.247"]
# NOTE(review): two hosts are listed above; if both are master-eligible the
# usual quorum is 2, and a value of 1 permits split-brain. Confirm the count.
discovery.zen.minimum_master_nodes: 1
# CORS is open to every origin and the Authorization header is allowed, so
# script on any website a user visits may query this node from that user's
# browser. Presumably enabled for elasticsearch-head; narrow allow-origin to
# the one origin that serves it.
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization

nginx

root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/nginx/nginx.conf
# Worker processes run as the unprivileged www-data account.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
    worker_connections 768;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Only affects servers that listen with ssl; none of the server blocks on
    # this page do.
    ssl_prefer_server_ciphers on;
    # "main" is defined but not referenced by the access_log directive below.
    # It includes $request_body: if it is ever put to use, POST bodies (login
    # forms, tokens) would be written to the access log in clear text.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" $request_body '
                      '"$http_user_agent" "$http_x_forwarded_for"';
     # Hand-built JSON: variables are interpolated between literal quotes.
     # With nginx's default log escaping a double quote or backslash in a
     # client-supplied value (request line, referer, user agent,
     # X-Forwarded-For) is written as \xNN, which is not a valid JSON escape,
     # so such a line fails JSON parsing downstream and the request is missing
     # from field-based searches. On nginx 1.11.8 or later, declare the format
     # as "log_format json escape=json ..." (confirm the installed version).
     log_format json '{'
                     '"remote_addr":"$remote_addr",'
                     '"remote_user":"$remote_user",'
                     '"time_local":"$time_local",'
                     '"@timestamp":"$time_iso8601",'
                     '"@source":"$server_addr",'
                     '"request_method":"$request_method",'
                     '"request":"$request",'
                     '"uri":"$uri",'
                     '"request_uri":"$request_uri",'
                     '"status":$status,'
                     '"body_bytes_sent":$body_bytes_sent,'
                     '"http_referer":"$http_referer",'
                     '"http_user_agent":"$http_user_agent",'
                     '"http_x_forwarded_for":"$http_x_forwarded_for",'
                     '"request_time":$request_time,'
                     '"upstream_response_time":"$upstream_response_time",'
                     '"upstream_status":"$upstream_status",'
                     '"upstream_addr":"$upstream_addr"'
                     '}';
    # Every request is logged with the JSON format defined above.
    access_log /var/log/nginx/access.log json;
    error_log /var/log/nginx/error.log ;
    gzip on;
    gzip_disable "msie6";
    # Only files ending in .conf are picked up from conf.d.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
root@ubuntu75:/etc/elasticsearch#

/etc/nginx/conf.d/kibana.conf

root@ubuntu75:/etc/elasticsearch# cat /etc/nginx/conf.d/kibana.conf
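    # Kibana backend, reached over loopback by this proxy.
    upstream kibana {
        server 127.0.0.1:5601;
    }

server {
    # NOTE(review): plain HTTP. The Basic credentials requested below cross
    # the network base64-encoded, not encrypted; terminate TLS here when
    # clients are remote.
    listen 80;
    server_name _;
    # This gate is only effective if port 5601 cannot be reached directly:
    # keep Kibana bound to loopback or firewall the port.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://kibana;
        proxy_http_version 1.1;
        # Pass protocol-upgrade requests through to the backend.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # Conventional header name, set to the directly connected client only,
        # so a value supplied by the client is not passed on.
        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cache_bypass $http_upgrade;
    }
}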

nginx-default

root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/nginx/conf.d/default
# NOTE(review): the path shown (/etc/nginx/conf.d/default) has no .conf suffix,
# so "include /etc/nginx/conf.d/*.conf" would not load it; confirm whether this
# server is active at all (for example through sites-enabled). If it is, it and
# the Kibana proxy both claim port 80 with server_name _, and this one is the
# default_server, so verify which block actually answers requests.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # Static files are served from here without authentication.
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # Serve the file or directory if it exists, otherwise answer 404.
        try_files $uri $uri/ =404;
    }
}

elasticsearch-head

root@ubuntu75:/etc/elasticsearch# cat /etc/nginx/conf.d/elasticsearch-head.conf
# Basic-auth front end for the elasticsearch-head UI on 127.0.0.1:9100.
server {
    # NOTE(review): plain HTTP, so the Basic credentials are sent unencrypted.
    listen 81;
    server_name _;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    # NOTE(review): this protects only the UI. elasticsearch-head presumably
    # queries Elasticsearch straight from the browser (hence the CORS settings
    # in elasticsearch.yml), so port 9200 stays reachable without this login
    # unless it is restricted separately.
    location / {
        proxy_pass http://127.0.0.1:9100;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

kibana

root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/kibana/kibana.yml
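# Bind to loopback only. The nginx proxy on this page reaches Kibana at
# 127.0.0.1:5601; a wildcard bind would let clients connect to 5601 directly
# and skip the proxy's basic auth.
server.host: "127.0.0.1"
# Kibana queries the local Elasticsearch node over plain HTTP, with no
# credentials configured here.
elasticsearch.url: "http://127.0.0.1:9200"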