Analyzing nginx logs with ELK and Grafana

Analyzing and visualizing nginx logs with ELK and Grafana

The resulting dashboards look like this:

image-20210112102720174

image-20210112141557644

image-20210112141642078

The overall architecture is as follows (Kafka is optional):

image-20210112111513358

Packages and versions

filebeat-7.9.2-x86_64.rpm
elasticsearch-7.9.2-x86_64.rpm
logstash-7.9.2.rpm
metricbeat-7.9.2-linux-x86_64.tar.gz
grafana-7.3.6-1.x86_64.rpm

Everything is installed from the RPM packages with yum -y localinstall.

Main configuration files

nginx

Write the nginx access log as JSON

http {
    # escape=json (nginx 1.11.8+) JSON-escapes quotes, backslashes and control
    # characters in variable values, so client-controlled fields (user agent,
    # referer, args, request body) cannot break the JSON structure.
    # $request_body is logged verbatim and can contain submitted credentials.
    log_format main escape=json '{"@timestamp":"$time_iso8601",'
                    '"host":"$hostname",'
                    '"server_ip":"$server_addr",'
                    '"client_ip":"$remote_addr",'
                    '"xff":"$http_x_forwarded_for",'
                    '"domain":"$host",'
                    '"url":"$uri",'
                    '"referer":"$http_referer",'
                    '"args":"$args",'
                    '"upstreamtime":"$upstream_response_time",'
                    '"responsetime":"$request_time",'
                    '"request_method":"$request_method",'
                    '"status":"$status",'
                    '"size":"$body_bytes_sent",'
                    '"request_body":"$request_body",'
                    '"request_length":"$request_length",'
                    '"protocol":"$server_protocol",'
                    '"upstreamhost":"$upstream_addr",'
                    '"file_dir":"$request_filename",'
                    '"http_user_agent":"$http_user_agent"'
                    '}';

    access_log /var/log/nginx/access.log main;
}

filebeat

Default configuration file path: /etc/filebeat/filebeat.yml

filebeat.inputs:
  # Collect nginx logs
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/*.log
    fields:
      type: nginx1            # custom field, used to tell multiple log sources apart
    fields_under_root: true   # put the type field at the top level so Logstash can filter on its value
    # Enable these when the log is JSON
    json.keys_under_root: true
    json.overwrite_keys: true
    json.add_error_key: true

output:
  logstash:
    hosts: ["172.16.150.75:5044"]

logstash

input {
  beats {
    host => '0.0.0.0'
    port => 5044
  }
}

filter {
  if [type] == "nginx1" {
    geoip {
      #multiLang => "zh-CN"
      target => "geoip"
      source => "client_ip"
      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.3-java/vendor/GeoLite2-City.mmdb"
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
      # Drop the extra geoip fields that are not needed
      remove_field => ["[geoip][latitude]", "[geoip][longitude]", "[geoip][country_code]", "[geoip][country_code2]", "[geoip][country_code3]", "[geoip][timezone]", "[geoip][continent_code]", "[geoip][region_code]"]
    }
    mutate {
      convert => [ "size", "integer" ]
      convert => [ "status", "integer" ]
      convert => [ "responsetime", "float" ]
      convert => [ "upstreamtime", "float" ]
      convert => [ "[geoip][coordinates]", "float" ]
      # Drop Filebeat fields that are not needed. Choose carefully: a field removed
      # here never reaches Elasticsearch and can no longer be used in conditions
      remove_field => [ "ecs","agent","host","cloud","@version","input","logs_type" ]
    }
    # Parse http_user_agent to identify the client OS and version
    useragent {
      source => "http_user_agent"
      target => "ua"
      # Drop useragent fields that are not needed
      remove_field => [ "[ua][minor]","[ua][major]","[ua][build]","[ua][patch]","[ua][os_minor]","[ua][os_major]" ]
    }
  }
}

output {
  if [type] == "nginx1" {
    elasticsearch {
      hosts => ["http://172.16.150.75:9200", "http://172.16.150.76:9200", "http://172.16.150.77:9200"]
      index => "logstash-nginx-%{+YYYY.MM.dd}"
    }
  }
}
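
An added example, not part of the original post: a small Python check of what the pipeline above expects from each access-log line. It decodes each line as JSON (a double quote that nginx's default escaping writes as \x22 is not a valid JSON escape, while escape=json writes it as \") and applies the same numeric conversions as the mutate filter. The function names and sample lines are constructed for illustration.

```python
import json

# Fields the Logstash mutate filter on this page converts to numbers.
INT_FIELDS = ("size", "status")
FLOAT_FIELDS = ("responsetime", "upstreamtime")

def check_line(line):
    """Return (event, problems) for one line of the JSON access log."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        # A JSON decoder downstream cannot read this line either.
        return None, ["invalid JSON: " + exc.msg]
    if not isinstance(event, dict):
        return None, ["invalid JSON: not an object"]
    problems = []
    for fields, cast in ((INT_FIELDS, int), (FLOAT_FIELDS, float)):
        for key in fields:
            try:
                event[key] = cast(event[key])
            except (KeyError, TypeError, ValueError):
                problems.append("%s is not numeric: %r" % (key, event.get(key)))
    return event, problems

def summarize(lines):
    """Count clean, unparseable and mistyped lines."""
    counts = {"ok": 0, "invalid_json": 0, "bad_type": 0}
    for line in lines:
        event, problems = check_line(line)
        if event is None:
            counts["invalid_json"] += 1
        elif problems:
            counts["bad_type"] += 1
        else:
            counts["ok"] += 1
    return counts

# Constructed sample lines, shortened to the fields checked here.
SAMPLES = [
    # quote in the user agent written as \" (escape=json)
    r'{"client_ip":"203.0.113.7","status":"200","size":"612","responsetime":"0.004","upstreamtime":"0.003","http_user_agent":"probe \"x\""}',
    # same request with the quote written as \x22 (default escaping)
    r'{"client_ip":"203.0.113.7","status":"200","size":"612","responsetime":"0.004","upstreamtime":"0.003","http_user_agent":"probe \x22x\x22"}',
    # upstreamtime is not a number
    r'{"client_ip":"203.0.113.7","status":"304","size":"0","responsetime":"0.000","upstreamtime":"-","http_user_agent":"curl/7.61.1"}',
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```
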

Check that the index has been created

image-20210112133854974

grafana

Add a data source
Import a dashboard template

https://grafana.com/grafana/dashboards

https://grafana.com/grafana/dashboards/11190

image-20210112132316920

Pick the template to import and copy its ID

image-20210112132402973

image-20210112132451031

image-20210112132718847

Install plugins

Install the required plugins as prompted

grafana-cli plugins install XXXXXXX
Map plugin display issue
## Back up the following three files, then replace the two URLs in all of them
grafana-worldmap-panel\src\worldmap.ts
grafana-worldmap-panel\dist\module.js
grafana-worldmap-panel\dist\module.js.map



Replace: https://cartodb-basemaps-{s}.global.ssl.fastly.net/light_all/{z}/{x}/{y}.png
with: http://{s}.basemaps.cartocdn.com/light_all/{z}/{x}/{y}.png
Replace: https://cartodb-basemaps-{s}.global.ssl.fastly.net/dark_all/{z}/{x}/{y}.png
with: http://{s}.basemaps.cartocdn.com/dark_all/{z}/{x}/{y}.png
Upload the files to the Grafana server; default location: /var/lib/grafana/plugins/grafana-worldmap-panel
