kibana图表:
登录---在左侧面板中选择visualize--单击“”编号--- -选择图表类型--- buckets---x-axis---agge
field(remote_addr.keyword )--size(5)5)--单击上面的三角形
kibana监测(x-pack ) :
登录- -左侧面板选择--Monitoring--启用监控
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
构建文件beat redis日志状态es kiba na体系结构
安装并启动redis
(1)安装和数据目录准备
mkdir -p /data/soft
mkdir-p/opt/redis _ cluster/redis _ 6379/{ conf,logs,pid}
)2)下载redis安装软件包
cd /data/soft
wget 3358 download.redis.io/releases/redis-5.0.7.tar.gz
)3)从redis输入/opt/redis_cluster/
tarx fredis-5.0.7.tar.gz-c/opt/redis _ cluster /
ln-s/opt/redis _ cluster/redis-5.0.7/opt/redis _ cluster/redis
(4)切换目录安装redis
cd /opt/redis_cluster/redis
生成安装
(5)建立个人资料
vim/opt/redis _ cluster/redis _ 6379/conf/6379.conf
添加:
粗犷的短靴d 127.0.0.1 192.168.1.108
端口6379
日期是
pidfile/opt/redis _ cluster/redis _ 6379/PID/redis _ 6379.PID
log file/opt/redis _ cluster/redis _ 6379/logs/redis _ 6379.log
数据库16
dbfilename redis.rdb
dir/opt/redis _ cluster/redis _ 6379
保存结束
(6)开始现在的redis服务
redis-server/opt/redis _ cluster/redis _ 6379/conf/6379.conf
修改文件beat配置文件并将其输出到redis
(参考文献: https://www.elastic.co/guide/en/beats/file beat/6.6/index.html )
)1)修改文件beat配置output以指向redis,然后重新启动
vim /etc/filebeat/filebeat.yml
filebeat.inputs:
-type:日志
启用:真
paths:
- /var/log/nginx/access.log
json.keys_under_root: true
json.overwrite_keys: true
tags: ['access']
-type:日志
启用:真
paths:
- /var/log/nginx/error.log
tags: ['error']
setup.template.settings:
index.number_of_shards: 3
setup.kibana:
output.redis:
hosts: ['192.168.1.104']
key : '文件投注'
db: 0
timeout: 5
保存结束
重新启动服务: systemctl restart filebeat
)2)测试对网站的访问,登录redis,查看键值
redis-cli #登录
keys * #列出所有键
类型文件beat #文件beat是密钥值名称
查看Lenfilebeat#list的长度
显示语言文件0-1 # list的所有内容
安装logstash,收集redis日志并提交给es
(1) logstash安装(安装软件包预放在/data/soft下) )。
cd /data/soft/
rpm -ivh logstash-6.6.0.rpm
)2)修改日志状态配置文件,实现access和error日志的分离
vim/etc/log stash/conf.d/redis.conf
添加:
input {
redis {
host='192.168.1.104 '
端口=' 6379 '
db='0'
key='文件beat '
data_type='list '
}
}
过滤器{
mutate {
convert=['upstream_time ',' float']
convert=['request_time ',' float']
}
}
output {
stdout {}
if 'access' in [tags] {
电子搜索{
hosts=[ ' http://192.168.1.10433609200 ' ]
index=' nginx _ access-% { yyyy.mm.DD } '
manage_template=false
}
}
if 'error' in [tags] {
电子搜索{
hosts=[ ' http://192.168.1.10433609200 ' ]
index=' nginx _ error-% { yyyy.mm.DD } '
manage_template=false
}
}
}
保存结束
重新启动log stash :/usr/share/log stash /粗犷短靴/log stash-f/etc/log stash/conf.d/redis.conf