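Description
nginx lets you define a custom access log format, and logstash handles JSON-formatted logs most easily, so we can first hand-assemble the nginx access log format as JSON.
Modify the nginx access log format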
http {
    # Access log format assembled by hand as one JSON object per line
    log_format json '{"@timestamp":"$time_iso8601",'
                    '"host":"$server_addr",'
                    '"clientip":"$remote_addr",'
                    '"size":"$body_bytes_sent",'
                    '"responsetime":$request_time,'
                    '"upstreamtime":"$upstream_response_time",'
                    '"upstreamhost":"$upstream_addr",'
                    '"http_host":"$host",'
                    '"url":"$uri",'
                    '"xff":"$http_x_forwarded_for",'
                    '"referer":"$http_referer",'
                    '"agent":"$http_user_agent",'
                    '"status":"$status"}';
    ......
}
Logstash configuration
[root@localhost /usr/local/logstash-5.1.1]# vim config/conf.d/nginx.conf
input {
    file {
        path => "/var/log/nginx/access.log"
        codec => json
    }
}
filter {
    mutate {
        split => ["upstreamtime", ","]
    }
    mutate {
        convert => ["upstreamtime","float"]
    }
}
output {
    elasticsearch {
        hosts => "172.16.11.199"
        index => "logstash-nginx-%{+YYYY.MM.dd}"
    }
}
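Configuration explained:
- input: standard input; here it specifies the log file, and the format is JSON.
- filter: log filtering. If there is a proxy server, upstreamtime can hold multiple values, so the multiple upstream values are first split into an array, and convert then turns the values into floats. Because convert has a higher priority than split inside mutate, the two steps have to be placed in two separate mutate blocks.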
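The following Python example is added here and is not the original author's code. It reproduces the filter's split-then-convert logic on constructed log lines in the page's format, and shows a case the hand-built format does not cover: with nginx's default escaping, a double quote in a request header is logged as `\x22`, which is not a valid JSON escape, so the line fails to parse. The names `TEMPLATE`, `parse_upstreamtime` and `process` and all sample values are assumptions of this example.

```python
import json

# Constructed template following the page's log_format (subset of its fields).
TEMPLATE = ('{{"@timestamp":"2017-01-10T10:00:00+08:00","clientip":"192.0.2.10",'
            '"responsetime":{rt},"upstreamtime":"{ut}","agent":"{agent}",'
            '"status":"200"}}')

# Constructed sample lines, not real traffic.
SAMPLE_LINES = [
    TEMPLATE.format(rt="0.012", ut="0.010", agent="curl/7.29.0"),         # one upstream
    TEMPLATE.format(rt="0.250", ut="0.100, 0.140", agent="curl/7.29.0"),  # two upstreams
    TEMPLATE.format(rt="0.000", ut="-", agent="curl/7.29.0"),             # no upstream
    # nginx's default escaping writes a double quote in a header as \x22,
    # which is not a valid JSON escape sequence.
    TEMPLATE.format(rt="0.003", ut="0.002", agent=r"probe\x22agent"),
]


def parse_upstreamtime(raw):
    """Mirror the two mutate steps: split on ',' then convert each part to float."""
    values = []
    for part in raw.split(","):
        try:
            values.append(float(part.strip()))
        except ValueError:
            # "-" or another non-numeric placeholder; None is this example's choice
            values.append(None)
    return values


def process(line):
    """Return (event, None) on success, or (None, reason) for a line to quarantine."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, "json parse failure: " + exc.msg
    event["upstreamtime"] = parse_upstreamtime(event.get("upstreamtime", "-"))
    return event, None


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        event, reason = process(line)
        print(reason if event is None else event["upstreamtime"])
```

On nginx 1.11.8 and later, declaring the format as `log_format json escape=json '...'` makes nginx write valid JSON escapes for such values. On the Logstash side, events carrying the `_jsonparsefailure` tag are worth alerting on.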
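Kibana configuration
- Add the index
- Once the index has been added, you will see the following screen
Add a Visualize
- Build a pie chart of the proportion of website response status codes
- Build a bar chart of the URLs accessed by each IP
- Build a view of the URLs users accessed on the website at a given moment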