接上篇搭建文章
3、 Logstash部署----192.168.246.231
系统类型:Centos7.5
节点IP:192.168.246.231 E
软件版本:jdk-8u121-linux-x64.tar.gz、logstash-6.5.4.tar.gz
1.安装配置Logstash
Logstash运行同样依赖jdk,本次为节省资源,故将Logstash安装在了kafka244.231节点。
(1)安装
[root@es-2-zk-log ~]# tar xvzf logstash-6.5.4.tar.gz -C /usr/local/
(2)配置
创建目录,我们将所有input、filter、output配置文件全部放到该目录中。
1.安装nginx:
[root@es-2-zk-log ~]# rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@es-2-zk-log ~]# yum install -y nginx
将原来的日志格式注释掉定义成json格式:
[root@es-2-zk-log conf.d]# vim /etc/nginx/nginx.conf
log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"referer": "$http_referer",'
'"ua": "$http_user_agent"'
'}';
2.引用定义的json格式的日志:
access_log /var/log/nginx/access_json.log json;
[root@es-2-zk-log ~]# systemctl start nginx
[root@es-2-zk-log ~]# systemctl enable nginx
浏览器多访问几次
[root@es-2-zk-log ~]# mkdir -p /usr/local/logstash-6.5.4/etc/conf.d
[root@es-2-zk-log ~]# cd /usr/local/logstash-6.5.4/etc/conf.d/
[root@es-2-zk-log conf.d]# vim input.conf #---在下面添加
input{
#让logstash可以读取特定的事件源。
file{
#从文件读取
path => ["/var/log/nginx/access_json.log"] #要输入的文件路径
type => "shopweb" #定义一个类型,通用选项.
}
}
[root@es-2-zk-log conf.d]# vim output.conf
output{
#输出插件,将事件发送到特定目标
elasticsearch {
#输出到es
hosts => ["192.168.246.234:9200","192.168.246.231:9200","192.168.246.235:9200"] #指定es服务的ip加端口
index => ["%{type}-%{+YYYY.MM.dd}"] #引用input中的type名称,定义输出的格式
}
}
启动:
[root@es-2-zk-log conf.d]# cd /usr/local/logstash-6.5.4/
[root@es-2-zk-log logstash-6.5.4]# nohup bin/logstash -f etc/conf.d/ --config.reload.automatic &
查看日志出现:
[root@es-2-zk-log logstash-6.5.4]# tail -f nohup.out
[2019-08-04T01:39:24,671][INFO ][logstash.outputs.elasticsearch] Attempting to install template {
:manage_template=