5.3.3、启动filebeat& 开机启动
systemctl start filebeatsystemctl enable filebeat5.4、配置logstash
5.4.1 编辑配置
cat /usr/local/logstash/config/nginx.confinput {kafka {type =>"nginxlog"topics =>["nginxlog"]bootstrap_servers=> ["192.168.0.53:9091"]group_id =>"nginxlog"auto_offset_reset=> latestcodec =>"json"}}filter {if [type] == "nginxlog"{grok {match => {"message" => "%{COMBINEDAPACHELOG}" }remove_field =>"message"}date {match => ["timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]}geoip {source =>"clientip"target =>"geoip"database =>"/usr/local/logstash/config/GeoLite2-City.mmdb"add_field => ["[geoip][coordinates]", "%{[geoip][longitude]}" ] #添加字段coordinates,值为经度add_field => ["[geoip][coordinates]", "%{[geoip][latitude]}" ] #添加字段coordinates,值为纬度}mutate {convert => ["[geoip][coordinates]", "float"]}useragent {source =>"agent"target =>"userAgent"}}}output {if [type] == 'nginxlog' {elasticsearch {hosts =>["http://192.168.0.48:9200"]index =>"logstash-nginxlog-%{+YYYY.MM.dd}"}stdout {codec =>rubydebug}}}5.4.2、使用配置文件启动logstash服务,观察输出
/usr/local/logstash/bin/logstash -f nginx.conf{"httpversion"=> "1.1","verb" =>"GET","auth"=> "-","@timestamp"=> 2019-03-18T06:41:27.000Z,"type"=> "nginxlog","json"=> {},"source"=> "/var/log/nginx/newtest-msp-api.mingongge.com.cn-80.log","fields" =>{"log_topics"=> "nginxlog"},"response"=> "200","offset"=> 957434,"host"=> {"name" =>"test-kafka-web"},"beat"=> {"hostname"=> "test-kafka-web","version"=> "6.3.2","name"=> "test-kafka-web"},"bytes"=> "673","request"=> "/user/fund/113","timestamp"=> "18/Mar/2019:14:41:27 +0800","referrer"=> ""-"","userAgent"=> {"os"=> "Windows","major" => "4","patch"=> "3","build"=> "","minor"=> "0","os_name"=> "Windows","device"=> "Other","name"=> "Electron"},"geoip"=> {"ip" => "1xx.2xx.72.175","country_name" => "China","coordinates" => [[0] 121.4012,[1] 31.0449],"region_name" => "Shanghai","location" => {"lat"=> 31.0449,"lon"=> 121.4012},"continent_code" => "AS","timezone" => "Asia/Shanghai","longitude" => 121.4012,"city_name" => "Shanghai","country_code2" => "CN","region_code" => "SH","latitude" => 31.0449,"country_code3" => "CN"},"@version"=> "1","clientip"=> "1xx.2xx.72.175","ident"=> "-","agent"=> ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) sun/1.5.6 Chrome/69.0.3497.106 Electron/4.0.3Safari/537.36""}5.4.3、后台启动logstash
确认出现以上输出后,将logstash分离出当前shell,并放在后台运行
nohup /usr/local/logstash/bin/logstash -f nginx.conf &>/dev/null &5.5、kibana配置
5.5.1、修改kibana配置
/usr/local/kibana-6.5.4-linux-x86_64/config/kibana.yml #增加高德地图tilemap.url:'http://webrd02.is.autonavi.com/appmaptile?lang=zh_cn&size=1&scale=1&style=7&x={x}&y={y}&z={z}'5.5.2、创建Index Pattern
文章插图
文章插图
5.5.3、IP访问TOP5
选择柱形图
推荐阅读
- 利用Fiddler来Mock接口返回值
- 利用CentOS7云主机搭建NPS内网穿透代理服务器
- 华为实验演示:利用路由器的接口配置VRRP
- CentOS7下利用FRR路由套件实现OSPF动态路由组网
- 利用宝塔面板可视化搭建Bitwarden私有密码管理器
- 利用超级推荐纠正人群标签 超级推荐设置技巧
- 淘宝新店推广方法 卖家如何利用淘宝客推广新品
- 利用太极拳健身具有神奇的效果
- 芦荟去痘痘怎么做才好?
- 批量安装Windows系统