logstash收集日志并写入Redis再到es集群
2021/10/7 2:10:51
本文主要是介绍logstash收集日志并写入Redis再到es集群,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
redis做数据缓存
图形架构:
环境准备
172.31.2.101 es1 + kibana 172.31.2.102 es2 172.31.2.103 es3 172.31.2.104 logstash1 172.31.2.105 logstash2 172.31.2.106 Redis 172.31.2.107 web1
安装redis
[root@es-redis ~]# apt install redis -y
改redis 配置
[root@es-redis ~]# vim /etc/redis/redis.conf bind 0.0.0.0 requirepass 123456 save "" #save 900 1 #save 300 10 #save 60 10000
重启
[root@es-redis ~]# systemctl restart redis
检查端口
[root@es-redis ~]# ss -tnl 6379
在web服务器Nginx-logstash配置改如下
建议把host写上
[root@es-redis ~]# vim /etc/logstash/conf.d/nginx-log-es.conf input{ file{ path => "/var/log/nginx/access.log" start_position => "beginning" stat_interval => 3 type => "nginx-accesslog" codec => "json" } } output{ if [type] == "nginx-accesslog" { redis { data_type => "list" host => "172.31.2.106" key => "nginx-accesslog" port => "6379" db => "1" password => "123456" }} }
重启
[root@es-redis ~]# systemctl restart logstash
访问nginx让其产生数据
在redis服务器测试
[root@es-redis ~]# redis-cli -h 172.31.2.106 172.31.2.106:6379> AUTH 123456 OK 172.31.2.106:6379> SELECT 1 OK 172.31.2.106:6379[1]> keys * 1) "nginx-accesslog" 172.31.2.106:6379[1]> LPOP nginx-accesslog
logstash服务器写到es 的配置
[root@es-web1 ~]# vim nginx-log-es.conf input { redis { data_type => "list" key => "nginx-accesslog" host => "172.31.2.106" port => "6379" db => "1" password => "123456" codec => "json" } } output { if [type] == "nginx-accesslog" { elasticsearch{ hosts => ["172.31.2.101:9200"] index => "n826-long-nginx-accesslog-%{+YYYY.MM.dd}" }} }
停止
[root@es-redis ~]# systemctl stop logstash.service
运行
[root@es-redis ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx-log-es.conf
添加到kibana
略
创建视图
把Nginx错误日志也配置
[root@es-web1 ~]# cat /etc/logstash/conf.d/nginx-log-es.conf input { file { path => "/var/log/nginx/access.log" start_position => "beginning" stat_interval => 3 type => "nginx-accesslog" codec => "json" } file { path => "/apps/nginx/logs/error.log" start_position => "beginning" stat_interval => 3 type => "nginx-errorlog" #codec => "json" } } output { if [type] == "nginx-accesslog" { redis { data_type => "list" host => "172.31.2.106" key => "nginx-accesslog" port => "6379" db => "1" password => "123456" }} if [type] == "nginx-errorlog" { redis { data_type => "list" host => "172.31.2.106" key => "nginx-errorlog" port => "6379" db => "1" password => "123456" }} }
重启
[root@es-redis ~]# systemctl restart logstash
制作错误日志信息
[root@es-web1 ~]# echo "error 654321 web" >> /apps/nginx/logs/error.log [root@es-web1 ~]# echo "error 123456 web" >> /apps/nginx/logs/error.log
在把logstash写入es集群
[root@logstash1 ~]# cat /etc/logstash/conf.d/nginx-log-es.conf input { redis { data_type => "list" key => "nginx-accesslog" host => "172.31.2.106" port => "6379" db => "1" password => "123456" codec => "json" } redis { data_type => "list" key => "nginx-errorlog" host => "172.31.2.106" port => "6379" db => "1" password => "123456" } } output { if [type] == "nginx-accesslog" { elasticsearch { hosts => ["172.31.2.101:9200"] index => "n826-long-nginx-accesslog-%{+YYYY.MM.dd}" }} if [type] == "nginx-errorlog" { elasticsearch { hosts => ["172.31.2.101:9200"] index => "n826-long-nginx-errorlog-%{+YYYY.MM.dd}" }} }
重启
[root@es-redis ~]# systemctl restart logstash
当logstash去redis取数据,redis就会没有,如果数据多的话取一次就会少一次
这篇关于logstash收集日志并写入Redis再到es集群的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-12-27阿里云Redis学习入门指南
- 2024-12-27阿里云Redis入门详解:轻松搭建与管理
- 2024-12-27阿里云Redis学习:新手入门指南
- 2024-12-24Redis资料:新手入门快速指南
- 2024-12-24Redis资料:新手入门教程与实践指南
- 2024-12-24Redis资料:新手入门教程与实践指南
- 2024-12-07Redis高并发入门详解
- 2024-12-07Redis缓存入门:新手必读指南
- 2024-12-07Redis缓存入门:新手必读教程
- 2024-12-07Redis入门:新手必备的简单教程