您的位置:首页 > 运维架构 > Nginx

filebeat把nginx的json日志格式文件推送到es

2020-04-22 17:12 183 查看

#### 前言

为了方便在es中查看到nginx的日志,需要把nginx日志输送到es中,这里采用filebeat推送到es中

 

#### 准备工作

##### 部署及配置nginx的日志json格式

这里不再赘述,详见:https://blog.csdn.net/weixin_42715225/article/details/105603410

 

##### 部署filebeat

这里亦不再赘述,详见:https://blog.csdn.net/weixin_42715225/article/details/105601286   

注释: 其中filebeat.yml文件改为如下内容

```

cat > /opt/filebeat/filebeat.yml <<-EOF
filebeat.inputs:
- type: log
  enabled: true    # 必须为true,否则logstash接收不到
  paths:
    - /var/log/nginx/access.log    # 日志文件路径

  fields:
    index: "nginx-access_log-%{+yyyy.MM}"
  encoding: plain
  json.keys_under_root: true
  json.overwrite_keys: true
  json.message_key: log

close_inactive: 2m
scan_frequency: 2m
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
  hosts: ["url/ip:9200"]    # 建议: 云主机上部署,url采用内网的url,同理,ip也是采用内网的ip

  indices:
    - index: "nginx-access_log-%{+yyyy.MM}"
      when.contains:
        fields:
          index: "nginx-access_log-%{+yyyy.MM}"

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

# 如下可参考/忽略

setup.template.name: "filebeat"
setup.template.path: "/mnt/filebeat/filebeat.template.json"
setup.template.pattern: "filebeat-*"
template.overwrite: True

EOF

```

补充:

···

cat > /mnt/filebeat/filebeat.template.json <<-EOF
{
  "mappings": {
    "_default_": {
      "_all": {
        "norms": false
      },
      "dynamic_templates": [
        {
          "fields": {
            "mapping": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "match_mapping_type": "string",
            "path_match": "fields.*"
          }
        }
      ],
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "beat": {
          "properties": {
            "hostname": {
              "ignore_above": 1024,
              "type": "keyword"
            },
            "name": {
              "ignore_above": 1024,
              "type": "keyword"
            }
          }
        },
        "input_type": {
          "ignore_above": 1024,
          "type": "keyword"
        },
        "message": {
          "norms": false,
          "type": "text"
        },
        "offset": {
          "type": "long"
        },
        "source": {
          "ignore_above": 1024,
          "type": "keyword"
        },
        "tags": {
          "ignore_above": 1024,
          "type": "keyword"
        },
        "type": {
          "ignore_above": 1024,
          "type": "keyword"
        }
      }
    }
  },
  "order": 0,
  "settings": {
    "index.refresh_interval": "5s"
  },
  "template": "filebeat-*"
}


EOF

···

  • 点赞
  • 收藏
  • 分享
  • 文章举报
devops_sre 发布了32 篇原创文章 · 获赞 0 · 访问量 358 私信 关注
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航