• Collecting logs with ELK 7.4 + Filebeat


    I. Introduction

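    The data flow is shown below; Filebeat is installed on every client:
    filebeat --> logstash --> elasticsearch --> kibana
    A Java environment must be installed before installing Elasticsearch.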

    II. Installing the three ELK components

    1 Configure the yum repository

    [root@elk xs]# cat /etc/yum.repos.d/elk.repo 
    [logstash-7.x]
    name=Elastic repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    
    

    2 Install

    sudo yum install logstash kibana elasticsearch
    

    III. Edit the Kibana and Elasticsearch configuration files

    1 The Elasticsearch configuration file is as follows

    cluster.name: elk
    node.name: node-1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: 172.17.199.231
    http.port: 9200
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false
    cluster.initial_master_nodes: ["node-1"]
    

    Note: at first cluster.initial_master_nodes: ["node-1"] was not enabled, and startup kept failing with the following error:

    #[1] bootstrap checks failed
    # [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
    

    2 The Kibana changes are as follows

    vim /etc/kibana/kibana.yml
    server.port: 5601 # listening port
    server.host: "172.17.199.231"
    elasticsearch.hosts: ["http://172.17.199.231:9200"] # Elasticsearch address
    

    3 Start Kibana and Elasticsearch

    /etc/init.d/kibana start
    /etc/init.d/elasticsearch start
    

    IV. Configure Logstash

    Note: I collect quite a lot of logs here, so the configuration is long.

    1 Configuration file

    input {
      beats {
         port => 5044
      }
    }
    
    
    filter{
        grok {
           match => ["message", "%{SYSLOGBASE} %{GREEDYDATA:message}"]
           overwrite => ["message"]
        }
    }
    
    output {
        if [app] == "www" {
            if [type] == "tiantian-system-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-system-service-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-system-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-system-service-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-assets-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-assets-service-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-assets-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-assets-service-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-user-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-user-service-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-user-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-user-service-node4-%{+YYYY.MM.dd}"
               }  
            }
            else if [type] == "tiantian-order-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-order-service-node2-%{+YYYY.MM.dd}"
               }  
            }
            else if [type] == "tiantian-order-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-order-service-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-audit-service-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-audit-service-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-audit-service-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-audit-service-node6-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-admin-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-admin-service-node2-%{+YYYY.MM.dd}"
               }
            }
              
            else if [type] == "tiantian-admin-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-admin-service-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-collection-service-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-collection-service-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-collection-service-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-collection-service-node6-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-collection-admin-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-collection-admin-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-collection-admin-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-collection-admin-node6-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-collection-job-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-collection-job-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-channel-api-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-channel-api-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-channel-api-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-channel-api-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-job-node4" {
               elasticsearch { 
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-job-node4-%{+YYYY.MM.dd}"
               }  
            }  
            else if [type] == "tiantian-mq-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-mq-service-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-mq-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-mq-service-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "jz-asset-node1" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "jz-asset-node1-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-channel-admin-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-channel-admin-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-channel-admin-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-channel-admin-node2-%{+YYYY.MM.dd}"
               }
            }
    
            else if [type] == "tiantian-admin-api-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-admin-api-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-admin-api-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-admin-api-node6-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-api-v2-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-api-v2-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-api-v2-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-api-v2-node4-%{+YYYY.MM.dd}"
               }  
            } 
            else if [type] == "tiantian-audit-admin-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-audit-admin-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-audit-admin-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-audit-admin-node6-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "xxd-credit-service-node2" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-credit-service-node2-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "xxd-jinbaodai-api-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-jinbaodai-api-node4-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "xxd-jinbaodai-api-node7" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-jinbaodai-api-node7-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "xxd-jinbaodai-service-node7" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-jinbaodai-service-node7-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "xxd-jinbaodai-service-node4" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-jinbaodai-service-node4-%{+YYYY.MM.dd}"
               }
            }
             else if [type] == "xxd-ops-service-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-ops-service-node5-%{+YYYY.MM.dd}"
               }
            }
             else if [type] == "xxd-ops-service-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-ops-service-node6-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "xxd-ops-web-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "xxd-ops-web-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-warning-node5" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-warning-node5-%{+YYYY.MM.dd}"
               }
            }
            else if [type] == "tiantian-warning-node6" {
               elasticsearch {
                  hosts => ["http://127.0.0.1:9200"]
                  index => "tiantian-warning-node6-%{+YYYY.MM.dd}"
               }
            }
        }
      stdout { codec=> rubydebug }
    }
    
    

    2 Start

    Enable the service at boot: systemctl enable logstash
    Start the service: systemctl start logstash
    Stop the service: systemctl stop logstash
    Restart the service: systemctl restart logstash
    Check the service status: systemctl status logstash
    
    

    Error 1

    Startup fails with the error "could not find java;set JAVA_HOME or ensure java". This is caused by the Java environment variable. Fix:

    # Symlink your actual java binary into /usr/bin
    ln -s /usr/local/java/jdk1.8.0_111/bin/java /usr/bin/java
    

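    Error 2

    Logstash reports this error while collecting logs: A plugin had an unrecoverable error. Will restart this plugin
    Fix: do not keep multiple .conf files in the /etc/logstash/conf.d directory (by default Logstash loads every file there into a single pipeline).
    Reference: http://jaminzhang.github.io/elk/ELK-Stage-Production-Problem-TroubleShooting-and-Solving/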

    V. Filebeat

    Install it on the clients (the servers that produce the logs).

    1 Install

    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.0-linux-x86_64.tar.gz
    tar xzvf filebeat-7.4.0-linux-x86_64.tar.gz
    
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.0-x86_64.rpm
    sudo rpm -vi filebeat-7.4.0-x86_64.rpm
    

    2 Filebeat configuration file

    grep -v "^ *#" /etc/filebeat/filebeat.yml |grep -v "^$"

    [root@node1 filebeat]# grep -v "^[[:space:]]*#" /etc/filebeat/filebeat.yml |grep -v "^$"
    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        
         - /datalog/service/tiantian-system-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      
      fields:
        app: www
        type: tiantian-system-service-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      enabled: true
      paths:
         - /datalog/service/tiantian-system-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-system-service-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-user-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-user-service-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-user-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-user-service-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-assets-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-assets-service-node4
      fields_under_root: true   
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-assets-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-assets-service-node2
      fields_under_root: true 
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-order-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-order-service-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-order-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-order-service-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-audit-service/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-service-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-audit-service/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-service-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-admin-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-service-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-admin-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-service-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-collection-service/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-service-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-collection-service/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-service-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-collection-admin/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-admin-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
     
    - type: log
      paths:
         - /datalog/service/tiantian-collection-admin/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-admin-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-collection-job/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-job-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-channel-api/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-api-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-channel-api/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-api-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-job/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-job-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-mq-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-mq-service-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-mq-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-mq-service-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/jz-asset/node1/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: jz-asset-node1
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-channel-admin/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-admin-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-channel-admin/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-admin-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-admin-api/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-api-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
     
     
    - type: log
      paths:
         - /datalog/service/tiantian-admin-api/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-api-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-api-v2/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-api-v2-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-api-v2/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-api-v2-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-audit-admin/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-admin-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-audit-admin/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-admin-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-credit-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-credit-service-node2
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-jinbaodai-api/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-api-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-jinbaodai-api/node7/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-api-node7
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-jinbaodai-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-service-node4
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-jinbaodai-service/node7/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-service-node7
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-ops-service/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-ops-service-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-ops-service/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-ops-service-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-warning/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-warning-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/tiantian-warning/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-warning-node6
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    - type: log
      paths:
         - /datalog/service/xxd-ops-web/node6/nohup.out
      encoding: utf-8
      tail_files: true
      backoff: 1s
      fields:
        app: www
        type: xxd-ops-web-node5
      fields_under_root: true
      multiline:
         pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
         negate: true
         match: after
    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false
    setup.template.settings:
      index.number_of_shards: 1
    setup.kibana:
    output.logstash:
      hosts: ["172.17.199.231:5044"]
    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~
    
    

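    3 Configuration file explained

    # Older Filebeat syntax: 7.x uses filebeat.inputs and type, as in the file above
    filebeat.prospectors:
    - input_type: log
      paths:
        - '/mnt/iss/service/order/nlogs/.log' # full path of the log files to watch; use a wildcard to watch everything, otherwise write the specific file name; fuzzy matching also works. Add one line per extra directory
      encoding: utf-8 # encoding
      exclude_files: [".gz$ | .gc."] # files to exclude from watching

      fields:
        serverName: 'user-service-006' # extra field, used to tell servers apart
        type: service-log # field that distinguishes the logs when there are several services
      fields_under_root: true # whether to add these fields directly at the root of the event
      scan_frequency: 3s # how often to scan for files
      # ===== Multiline options
      multiline: # multiline merge settings, used to handle exception stack traces
        pattern: '^{"date":'
        negate: true
        match: after
        timeout: 2s
      backoff: 1s
      max_backoff: 3s

      close_renamed: false # whether to stop watching a file after it is renamed
      close_removed: true # whether to stop watching a file after it is deleted
      tail_files: true # whether to start reading at the end of the file (at startup)
      enabled: true
      ignore_older: 24h # age threshold beyond which log files are no longer watched
    filebeat.spool_size: 2048 # event-send threshold; once it is exceeded a network flush is forced
    filebeat.idle_timeout: 2s # event-send timeout; a network flush is forced even if the threshold has not been reached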
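
    How the multiline settings used in the filebeat.yml above (pattern '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]', negate: true, match: after) group lines into events, as an added example that is not part of the original post. It is a small awk model run on constructed log lines; the function names and the sample lines are assumptions, and it goes slightly beyond the page by also covering negate: false and match: before.

```shell
#!/bin/sh
# Added example (not from the original post): a model of Filebeat's
# multiline grouping, run on constructed nohup.out lines.

# Pattern copied from the multiline settings in the filebeat.yml above.
PAGE_PATTERN='^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'

# merge_multiline PATTERN NEGATE MATCH
#   stdin : raw log lines
#   stdout: one event per line, merged lines joined by a literal "\n"
merge_multiline() {
    awk -v pat="$1" -v negate="$2" -v mode="$3" '
        function emit() { if (n) print ev; ev = ""; n = 0 }
        function push(l) {
            if (n) ev = ev "\\n" l
            else   ev = l
            n++
        }
        {
            hit = ($0 ~ pat) ? 1 : 0
            # a continuation line belongs to a neighbouring event
            cont = (negate == "true") ? !hit : hit
            if (mode == "after") {      # glue onto the previous event
                if (!cont) emit()
                push($0)
            } else {                    # "before": glue onto the next event
                push($0)
                if (!cont) emit()
            }
        }
        END { emit() }
    '
}

# Constructed sample, shaped like the output of a Java service.
sample_log() {
    cat <<'EOF'
10:15:01.120 [main] INFO  com.example.App - started
10:15:02.431 [http-1] ERROR com.example.OrderController - request failed
java.lang.IllegalStateException: no stock
    at com.example.OrderController.create(OrderController.java:42)
Caused by: java.sql.SQLException: timeout
10:15:03.002 [http-2] INFO  com.example.OrderController - ok
EOF
}

# count_events NEGATE MATCH -> number of events shipped for the sample
count_events() {
    sample_log | merge_multiline "$PAGE_PATTERN" "$1" "$2" | wc -l | tr -d ' '
}

# Print the events produced with the settings used on this page.
sample_log | merge_multiline "$PAGE_PATTERN" true after
```

    With the page's settings the stack trace stays attached to its ERROR line, so one exception is one searchable event in Elasticsearch rather than four unrelated ones.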
    
    

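    VI. Password-protected access

    By default Kibana can be accessed directly, which is not very secure, so here we put an nginx reverse proxy in front of it and require a password.

    1 Install the password tool

    The httpd password-file tools need to be installed: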
    yum -y install httpd-tools
    htpasswd -c -b /etc/kibana/kibana.passwd kibana 111111
    

    2 Install and configure nginx

    server {
    	listen 80;
    	server_name kibana.tiantianjiedao.com;
            access_log /var/log/nginx/kibana/kinaba_access.log main;
            error_log /var/log/nginx/kibana/kinaba_error.log;
    
            auth_basic "Kibana Auth";
            auth_basic_user_file /etc/kibana/kibana.passwd;
    	index  index.html index.htm;
    	location / {
    		proxy_set_header Host      $host;
    		proxy_set_header X-Real-IP $remote_addr;
    		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    		proxy_pass http://172.17.199.231:5601;
    	}
    }
    
    
    
    

    Finally, start nginx and browse to the nginx IP.
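
    The nginx password only protects Kibana if nothing can reach Kibana or Elasticsearch around the proxy, so the following added example (not part of the original post) audits the three settings from this page that decide that. The sample files are constructed from the page's values; the hardened values, the file names and the function names are assumptions, including that nginx runs on the Kibana host.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed
# from the values on this page; the hardened values are assumptions.

# yaml_value KEY FILE -> value of a top-level "KEY: value" line
yaml_value() {
    awk -v key="$1" 'index($0, key ":") == 1 {
        v = substr($0, length(key) + 2)
        sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/^"|"$/, "", v)
        print v; exit
    }' "$2"
}

is_loopback() {
    case "$1" in 127.*|localhost|::1|_local_) return 0 ;; *) return 1 ;; esac
}

audit_kibana() {          # an unset server.host means localhost
    host=$(yaml_value server.host "$1")
    if [ -z "$host" ] || is_loopback "$host"; then return 0; fi
    echo "kibana: server.host=$host, port 5601 answers without nginx auth_basic" >&2
    return 1
}

audit_elasticsearch() {   # an unset network.host means loopback
    host=$(yaml_value network.host "$1")
    sec=$(yaml_value xpack.security.enabled "$1")
    if [ -z "$host" ] || is_loopback "$host" || [ "$sec" = "true" ]; then return 0; fi
    echo "elasticsearch: network.host=$host with security off, port 9200 is unauthenticated" >&2
    return 1
}

audit_nginx() {           # assumes the file holds a single server block
    grep -Eq '^[[:space:]]*auth_basic[[:space:]]' "$1" || return 0
    grep -Eq '^[[:space:]]*listen[[:space:]][^;]*[[:space:]]ssl' "$1" && return 0
    echo "nginx: auth_basic without TLS, the password is only base64-encoded on the wire" >&2
    return 1
}

count_findings() {        # count_findings DIR -> number of failed checks
    n=0
    audit_kibana "$1/kibana.yml" || n=$((n + 1))
    audit_elasticsearch "$1/elasticsearch.yml" || n=$((n + 1))
    audit_nginx "$1/kibana.conf" || n=$((n + 1))
    echo "$n"
}

write_page_configs() {    # constructed from the values shown on this page
    printf 'server.port: 5601\nserver.host: "172.17.199.231"\n' > "$1/kibana.yml"
    printf 'network.host: 172.17.199.231\nhttp.port: 9200\n' > "$1/elasticsearch.yml"
    cat > "$1/kibana.conf" <<'EOF'
server {
    listen 80;
    auth_basic "Kibana Auth";
    auth_basic_user_file /etc/kibana/kibana.passwd;
    location / { proxy_pass http://172.17.199.231:5601; }
}
EOF
}

write_hardened_configs() {  # assumed fix: loopback binds, TLS in front of auth_basic
    printf 'server.port: 5601\nserver.host: "127.0.0.1"\n' > "$1/kibana.yml"
    # if Elasticsearch must stay on the network, xpack.security.enabled: true
    # is the alternative that this audit accepts
    printf 'network.host: 127.0.0.1\nhttp.port: 9200\n' > "$1/elasticsearch.yml"
    cat > "$1/kibana.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate     /path/to/placeholder.crt;
    ssl_certificate_key /path/to/placeholder.key;
    auth_basic "Kibana Auth";
    auth_basic_user_file /etc/kibana/kibana.passwd;
    location / { proxy_pass http://127.0.0.1:5601; }
}
EOF
}

demo() {                  # prints "<findings before> <findings after>"
    dir=$(mktemp -d) || return 1
    write_page_configs "$dir";     before=$(count_findings "$dir")
    write_hardened_configs "$dir"; after=$(count_findings "$dir")
    rm -rf "$dir"
    echo "$before $after"
}

demo
```

    Running htpasswd -c /etc/kibana/kibana.passwd kibana without -b makes it prompt for the password, which keeps the password out of the shell history and the process list.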

  • Original article: https://www.cnblogs.com/huningfei/p/12761413.html