elk
wzz_ccr
Installing ELK from source
[root@localhost elk]# ls
elasticsearch-2.2.1.tar.gz jdk-8u101-linux-i586.gz kibana-4.4.2-linux-x64.tar.gz logstash-2.2.2.tar.gz
Extract jdk1.8
[root@localhost elk]# tar xvf jdk-8u101-linux-i586.gz
Original 2017-01-23 16:01:23 · 2053 views · 0 comments

elk-logstash: API for viewing runtime parameters
curl -XGET http://127.0.0.1:9600/_node/stats/pipeline 2> /dev/null ---------- shows the number of events entering and leaving each module
{ "pipeline": { "events": { "duration_in_millis": 7863504, "in": 100,
Original 2017-03-07 13:07:44 · 4337 views · 0 comments

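A simple replacement for the ELK x-pack module: different users per index (nginx access control)
Applications belonging to different business groups are separated by URL path. For example, the nginx log shows:
"POST /elasticsearch/logstash-ceshi-1*/_field_stats?level=indices HTTP/1.1" 401 195 "http://192.168.6.3:9999/app/kibana" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gec
Original 2017-03-16 16:59:21 · 1828 views · 0 comments
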
Basic ES operations (updated continuously)
Expressions:
GET /_cat/health?v ---- ?v prints detailed output
GET /_cat/health?v&ts=0 ---- &ts=0 suppresses the timestamp
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_ta
Original 2017-04-12 17:39:38 · 1022 views · 0 comments

Merging multi-line Java log entries with filebeat
Edit the configuration file
[root@web-bj-docker-10 filebeat]# vim filebeat.yml
# Add the following content
#=========================== Filebeat prospectors =============================
filebeat.prospectors:
# Each - is a prospec
Original 2017-04-12 17:47:11 · 10020 views · 0 comments

Monitoring SSH login logs with ELK, with threshold alerting via a script
filebeat configuration:
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/secure
  exclude_lines: ["nagios"]
output.logstash:
  # The Logstash hosts
  hosts: ["10.0.1.1:5050"]
logstash config
Original 2017-04-17 17:49:00 · 1115 views · 0 comments

filebeat configuration for ELK log analysis (filebeat + logstash)
Log format:
nginx_access:
{ "@timestamp":"2017-01-23T15:16:48+08:00","client": "192.168.0.151","@version":"1","host":"192.168.0.147","size":160,"responsetime":0.000,"domain":"mv.bjfxr.com","url":"/index.h
Original 2017-01-23 15:12:16 · 19490 views · 0 comments

Parsing nginx logs with custom logstash patterns
---------------------------------------------------filebeat configuration----------------------------------------------------------------------
filebeat.prospectors:
- input_type: log
  paths:
    - /mapbar/l
Original 2017-05-24 09:17:38 · 3823 views · 0 comments