配置文件¶
logstash¶
root@ubuntu75:/etc/logstash# egrep -v "#|^$" /etc/logstash/logstash.yml
path.data: /var/lib/logstash
path.config: /etc/logstash/conf.d
path.logs: /var/log/logstash
logstash conf¶
root@ubuntu75:/etc/elasticsearch# cat /etc/logstash/conf.d/filter.conf
filter {
if [type] == "nginx-access" {
json {
source => "message"
remove_field => [ "Arg0","Arg1","Arg2","Arg3","Arg4","Arg5","Arg6","Arg7","Arg8","Arg3","Arg9","Arg10" ]
}
mutate {
split => [ "upstreamtime", "," ]
}
mutate {
convert => [ "upstreamtime", "float" ]
}
}
}
root@ubuntu75:/etc/elasticsearch# cat /etc/logstash/conf.d/input.conf
input {
beats {
port => 5044
}
}
root@ubuntu75:/etc/elasticsearch# cat /etc/logstash/conf.d/output.conf
output {
if [type] == "nginx-access" {
elasticsearch {
hosts => "127.0.0.1:9200"
index => "logstash-%{type}"
document_type => "%{type}"
sniffing => false
manage_template => false
flush_size => 20000
idle_flush_time => 10
template_overwrite => true
}
}
}
elasticsearch¶
root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: my-elk-cluster
node.name: node-1
path.data: /data/es-data
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.174.217.111","10.174.214.247"]
discovery.zen.minimum_master_nodes: 1
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
nginx¶
root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_prefer_server_ciphers on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" $request_body '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format json '{'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"time_local":"$time_local",'
'"@timestamp":"$time_iso8601",'
'"@source":"$server_addr",'
'"request_method":"$request_method",'
'"request":"$request",'
'"uri":"$uri",'
'"request_uri":"$request_uri",'
'"status":$status,'
'"body_bytes_sent":$body_bytes_sent,'
'"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"request_time":$request_time,'
'"upstream_response_time":"$upstream_response_time",'
'"upstream_status":"$upstream_status",'
'"upstream_addr":"$upstream_addr"'
'}';
access_log /var/log/nginx/access.log json;
error_log /var/log/nginx/error.log ;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
root@ubuntu75:/etc/elasticsearch#
/etc/nginx/conf.d/kibana.conf
root@ubuntu75:/etc/elasticsearch# cat /etc/nginx/conf.d/kibana.conf
upstream kibana {
server 127.0.0.1:5601;
}
server {
listen 80;
server_name _;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://kibana;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forward-For $remote_addr;
proxy_cache_bypass $http_upgrade;
}
}
nginx-default¶
root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/nginx/conf.d/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
elasticsearch-head¶
root@ubuntu75:/etc/elasticsearch# cat /etc/nginx/conf.d/elasticsearch-head.conf
server {
listen 81;
server_name _;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://127.0.0.1:9100;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
kibana¶
root@ubuntu75:/etc/elasticsearch# egrep -v "#|^$" /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.url: "http://127.0.0.1:9200"