logstash收集日志并写入Redis再到es集群
2021/10/7 2:10:51
本文主要是介绍logstash收集日志并写入Redis再到es集群,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
redis做数据缓存
图形架构:
环境准备
172.31.2.101 es1 + kibana 172.31.2.102 es2 172.31.2.103 es3 172.31.2.104 logstash1 172.31.2.105 logstash2 172.31.2.106 Redis 172.31.2.107 web1
安装redis
[root@es-redis ~]# apt install redis -y
改redis 配置
[root@es-redis ~]# vim /etc/redis/redis.conf bind 0.0.0.0 requirepass 123456 save "" #save 900 1 #save 300 10 #save 60 10000
重启
[root@es-redis ~]# systemctl restart redis
检查端口
[root@es-redis ~]# ss -tnl 6379
在web服务器Nginx-logstash配置改如下
建议把host写上
[root@es-redis ~]# vim /etc/logstash/conf.d/nginx-log-es.conf
input{
file{
path => "/var/log/nginx/access.log"
start_position => "beginning"
stat_interval => 3
type => "nginx-accesslog"
codec => "json"
}
}
output{
if [type] == "nginx-accesslog" {
redis {
data_type => "list"
host => "172.31.2.106"
key => "nginx-accesslog"
port => "6379"
db => "1"
password => "123456"
}}
}
重启
[root@es-redis ~]# systemctl restart logstash
访问nginx让其产生数据
在redis服务器测试
[root@es-redis ~]# redis-cli -h 172.31.2.106 172.31.2.106:6379> AUTH 123456 OK 172.31.2.106:6379> SELECT 1 OK 172.31.2.106:6379[1]> keys * 1) "nginx-accesslog" 172.31.2.106:6379[1]> LPOP nginx-accesslog
logstash服务器写到es 的配置
[root@es-web1 ~]# vim nginx-log-es.conf
input {
redis {
data_type => "list"
key => "nginx-accesslog"
host => "172.31.2.106"
port => "6379"
db => "1"
password => "123456"
codec => "json"
}
}
output {
if [type] == "nginx-accesslog" {
elasticsearch{
hosts => ["172.31.2.101:9200"]
index => "n826-long-nginx-accesslog-%{+YYYY.MM.dd}"
}}
}
停止
[root@es-redis ~]# systemctl stop logstash.service
运行
[root@es-redis ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx-log-es.conf
添加到kibana
略
创建视图
把Nginx错误日志也配置
[root@es-web1 ~]# cat /etc/logstash/conf.d/nginx-log-es.conf
input {
file {
path => "/var/log/nginx/access.log"
start_position => "beginning"
stat_interval => 3
type => "nginx-accesslog"
codec => "json"
}
file {
path => "/apps/nginx/logs/error.log"
start_position => "beginning"
stat_interval => 3
type => "nginx-errorlog"
#codec => "json"
}
}
output {
if [type] == "nginx-accesslog" {
redis {
data_type => "list"
host => "172.31.2.106"
key => "nginx-accesslog"
port => "6379"
db => "1"
password => "123456"
}}
if [type] == "nginx-errorlog" {
redis {
data_type => "list"
host => "172.31.2.106"
key => "nginx-errorlog"
port => "6379"
db => "1"
password => "123456"
}}
}
重启
[root@es-redis ~]# systemctl restart logstash
制作错误日志信息
[root@es-web1 ~]# echo "error 654321 web" >> /apps/nginx/logs/error.log [root@es-web1 ~]# echo "error 123456 web" >> /apps/nginx/logs/error.log
在把logstash写入es集群
[root@logstash1 ~]# cat /etc/logstash/conf.d/nginx-log-es.conf
input {
redis {
data_type => "list"
key => "nginx-accesslog"
host => "172.31.2.106"
port => "6379"
db => "1"
password => "123456"
codec => "json"
}
redis {
data_type => "list"
key => "nginx-errorlog"
host => "172.31.2.106"
port => "6379"
db => "1"
password => "123456"
}
}
output {
if [type] == "nginx-accesslog" {
elasticsearch {
hosts => ["172.31.2.101:9200"]
index => "n826-long-nginx-accesslog-%{+YYYY.MM.dd}"
}}
if [type] == "nginx-errorlog" {
elasticsearch {
hosts => ["172.31.2.101:9200"]
index => "n826-long-nginx-errorlog-%{+YYYY.MM.dd}"
}}
}
重启
[root@es-redis ~]# systemctl restart logstash
当logstash去redis取数据,redis就会没有,如果数据多的话取一次就会少一次
这篇关于logstash收集日志并写入Redis再到es集群的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-11-08阿里云Redis项目实战入门教程
- 2024-11-08阿里云Redis资料:新手入门与初级使用指南
- 2024-11-08阿里云Redis教程:新手入门及实用指南
- 2024-11-07阿里云Redis学习入门:新手必读指南
- 2024-11-07阿里云Redis学习入门:从零开始的操作指南
- 2024-11-07阿里云Redis学习:初学者指南
- 2024-11-06阿里云Redis入门教程:轻松搭建与使用指南
- 2024-11-02Redis项目实战:新手入门教程
- 2024-10-22Redis入门教程:轻松掌握数据存储与操作
- 2024-10-22Redis缓存入门教程:快速掌握Redis缓存基础知识
