logstash-output-zabbix¶
由于网络原因,使用下面方式安装¶
美国开通ecs,使用在线安装,对比差异,提取出以下安装方式
操作之前备份logstash目录
Gemfile¶
root@ubuntu47:~/test-logstash-output-zabbix/chayi# echo 'gem "logstash-output-zabbix"' >> /usr/share/logstash/Gemfile
root@ubuntu47:/usr/share/logstash# tail -2 Gemfile
gem "logstash-output-zabbix"
修改logstash/Gemfile.jruby-1.9.lock¶
/usr/share/logstash/Gemfile.jruby-1.9.lock
488 logstash-output-zabbix (3.0.1)
489 logstash-codec-plain
490 logstash-core-plugin-api (>= 1.60, <= 2.99)
491 zabbix_protocol (>= 0.1.5)
610 zabbix_protocol (0.1.5)
611 multi_json
718 logstash-output-zabbix
新加文件(注意文件属主,属组 logstash)¶
相关文件已经打包在项目里,文件名add-logstash-output-zabbix.tar.gz
vendor/bundle/jruby/1.9/cache
root@ubuntu47:~/test-logstash-output-zabbix/logstash# ls vendor/bundle/jruby/1.9/cache
logstash-output-zabbix-3.0.1.gem zabbix_protocol-0.1.5.gem
vendor/bundle/jruby/1.9/gems/zabbix_protocol-0.1.5 目录下所有文件
root@ubuntu47:~/test-logstash-output-zabbix/logstash# ls vendor/bundle/jruby/1.9/gems/zabbix_protocol-0.1.5
Gemfile LICENSE.txt README.md Rakefile lib spec zabbix_protocol.gemspec
vendor/bundle/jruby/1.9/gems/logstash-output-zabbix-3.0.1 目录下所有文件
vendor/bundle/jruby/1.9/specifications/logstash-output-zabbix-3.0.1.gemspec
vendor/bundle/jruby/1.9/specifications/zabbix_protocol-0.1.5.gemspec
检查zabbix插件是否安装成功¶
上述操作完成之后,需要重启logstash,而后通过如下命令验证
root@ubuntu47:/usr/share/logstash# bin/logstash-plugin list|grep zabbix
logstash-output-zabbix
logstash向zabbix发送数据¶
安装logstash-output-zabbix3¶
zabbix Web界面配置¶
配置filter¶
root@ubuntu47:/etc/logstash/conf.d# cat filter.conf
filter {
if [type] == "nginx-access" {
json {
source => "message"
remove_field => [ "Arg0","Arg1","Arg2","Arg3","Arg4","Arg5","Arg6","Arg7","Arg8","Arg3","Arg9","Arg10" ]
}
mutate {
split => [ "upstreamtime", "," ]
}
mutate {
convert => [ "upstreamtime", "float" ]
}
if [status] == 304 {
mutate {
add_field => { "[@metadata][zabbix_key]" => "nginx_status" } # 同zabbix Web里配置的监控项里对应的key 一致
add_field => { "[@metadata][zabbix_host]" => "ubuntu47" } # zabbix 配置的当前服务器的 Host name 一致
# add_field => { "[nginx_status]" => "字符串用双引号一起来,数字不需要引号" } # 如果有这种需求,可以添加一个field,定义为想要的数据,然后写到zabbix(output里面的配置,zabbix_value => "nginx_status")
}
}
}
}
配置output¶
root@ubuntu47:/etc/logstash/conf.d# cat output.conf
output {
if [type] == "nginx-access" {
elasticsearch {
user => logstash
password => logstash
ssl => true
ssl_certificate_verification => true
truststore => "/etc/logstash/truststore.jks"
truststore_password => "82df5ddf119275a190e0"
hosts => "127.0.0.1:9200"
index => "logstash-%{type}"
document_type => "%{type}"
sniffing => false
manage_template => false
flush_size => 20000
idle_flush_time => 10
template_overwrite => true
}
}
if [type] == "nginx-access" {
if [status] == 304 {
zabbix {
zabbix_server_host => "10.29.164.37" # zabbix-server IP
zabbix_host => "[@metadata][zabbix_host]" # 使用filter里面配置的
zabbix_key => "[@metadata][zabbix_key]" # filter里面配置的key,必须要配置
zabbix_value => "status" # 这里如果使用具体的值,可能会出现 类似这这种错误,Zabbix server at 10.29.164.37 rejected all items sent
# status 将会取上面的 304
}
}
}
}
问题记录¶
[WARN ][logstash.outputs.zabbix ] Field referenced by 1 is missing¶
将漏掉的 Field 添加到filter中
比如 filter中添加如下配置
mutate {
add_field => { "[@metadata][zabbix_key]" => "nginx_status" }
add_field => { "[@metadata][zabbix_host]" => "ubuntu47" }
}
[WARN ][logstash.outputs.zabbix ] Zabbix server at 10.29.164.37 rejected all items sent. {:zabbix_host=>“ubuntu47”}¶
原因: zabbix_value => "1"
修改成如下配置后,解决:
zabbix_value => "status"