安装环境:Apache+LogStash+ElasticSearch+Kibana
学习内容:看一下一条日志信息在ES及Kibana上是如何表示的
原始日志内容:
192.168.209.1 - - [02/Aug/2017:14:18:42 -0400] "GET /gif/r-ball.gif HTTP/1.1" 200 527 "http://192.168.209.143/gif/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36"通过Kibana的Dev Tools查询在ES中的存储样式:
{
"_index": "apache_access",
"_type": "apache_access",
"_id": "AV2kK9WiW64_aEqdkUpA",
"_score": 1,
"_source": {
"request": "/gif/r-ball.gif",
"agent": """"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36"""",
"auth": "-",
"ident": "-",
"verb": "GET",
"message": """192.168.209.1 - - [02/Aug/2017:14:18:42 -0400] "GET /gif/r-ball.gif HTTP/1.1" 200 527 "http://192.168.209.143/gif/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36"""",
"type": "apache_access",
"path": "/var/log/apache2/access_log",
"referrer": """"http://192.168.209.143/gif/"""",
"@timestamp": "2017-08-02T18:18:42.429Z",
"response": "200",
"bytes": "527",
"clientip": "192.168.209.1",
"@version": "1",
"host": "base1",
"httpversion": "1.1",
"timestamp": "02/Aug/2017:14:18:42 -0400"
}
}通过Kibana的Discover查询该条日志:
扫一扫
1290
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
