ELK 监控 nginx 日志
# Create the custom grok pattern file next to the patterns bundled with Logstash.
# NOTE(review): this directory belongs to the logstash-patterns-core gem, so a
# plugin upgrade will likely replace it. Keeping the file in a separate
# directory and pointing grok's patterns_dir option at it avoids losing it.
cd /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/
vim nginx_access
# Character class for query-string-like text. It is defined here but is not
# referenced by NGINXACCESS below.
URIPARAM1 [A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
# One access-log line, split into: client_ip, ident, auth, [timestamp],
# "verb request HTTP/http_version", status, bytes, "referrer", "agent".
# request, referrer and agent are text supplied by the client; treat those
# fields as untrusted wherever they are later rendered or used in queries.
NGINXACCESS %{IPORHOST:client_ip} (%{USER:ident}|- ) (%{USER:auth}|-) \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} (%{NOTSPACE:request}|-)(?: HTTP/%{NUMBER:http_version})?|-)" %{NUMBER:status} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" "%{GREEDYDATA:agent}"
# Pipeline definition for the nginx access log.
# NOTE(review): with the packaged pipelines.yml every *.conf in conf.d is
# presumably concatenated into one pipeline — confirm before adding more files.
vim /etc/logstash/conf.d/nginx-log.conf
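# Parse nginx access-log lines and index them into daily nginx_log-* indices.
#
# The filter and output are scoped to type "nginx-log". When several *.conf
# files in conf.d are merged into one pipeline (the usual packaged setup),
# unscoped blocks would run the nginx grok on every other input's events and
# copy those events into the nginx_log-* indices as well.
input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    type => "nginx-log"
    # Only applies the first time the file is seen; later runs resume from
    # the offset recorded in the sincedb.
    start_position => "beginning"
  }
}
filter {
  if [type] == "nginx-log" {
    grok {
      # NGINXACCESS is the custom pattern from the nginx_access pattern file.
      # Lines that do not match are tagged _grokparsefailure; malformed
      # requests end up there, so those events are worth reviewing.
      match => { "message" => "%{NGINXACCESS}" }
    }
    date {
      # Use the request time from the log line as @timestamp, so events read
      # from the beginning of the file are not all stamped with ingest time.
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
  }
}
output {
  if [type] == "nginx-log" {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "nginx_log-%{+YYYY.MM.dd}"
    }
  }
}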
# Restart so Logstash loads the new pattern file and pipeline config.
# Checking the config first (logstash --config.test_and_exit -f <conf file>)
# avoids restarting into a pipeline that fails to start and stops log ingestion.
systemctl restart logstash
下面是ELK常用的命令
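# Read-only cluster checks; ?v adds a header row to the _cat output.
# URLs are quoted so the shell never treats '?' as a glob character.
curl -X GET 'http://127.0.0.1:9200/_cat/indices?v'
curl -X GET 'http://127.0.0.1:9200/_cat/health?v'
curl -X GET 'http://127.0.0.1:9200/_cat/nodes?v'
# Deleting an index is irreversible. These requests carry no credentials,
# which only works while Elasticsearch security is disabled; in that state
# port 9200 should stay bound to loopback as it is here.
curl -X DELETE 'http://127.0.0.1:9200/system_log-2020.02.27'
curl -X DELETE 'http://127.0.0.1:9200/system_log-2020.02.28'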
添加统计pv的图形