娃哈哈好喝nginx日志输出部分省略了,只写主要的部分
1、filebeat配置
[root@centos filebeat]# cat filebeat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/openresty/nginx/logs/*.log
tags: ["access"]
fields:
service: "saas-activity"
fields_under_root: true
output.redis:
hosts: ["172.2.2.1:6379"] #输出到redis的机器
password: "123@abcd" #redis密码
key: "nginx-log" #redis中日志数据的key值ֵ
db: 1 #redis库
timeout: 5
[root@centos filebeat]#
2、logstash配置
logstash配置分2个文件配置,分别是input和output配置文件
[root@centos conf.d]$ cat input.conf
input {
redis {
host => "172.2.2.1"
port => "6379"
password => "123@abc"
db => "1"
data_type => "list"
key => "nginx-log"
}
}
[root@centos conf.d]$
[root@centos conf.d]$ cat output.conf
filter {
json {
#取哪个字段的值
source => "message"
#想要删除的字段
#remove_field => ["host.name"]
}
}
output {
elasticsearch {
hosts => ["172.2.2.1:9200"]
index => "nginx-log-%{+YYYY-MM-dd}"
user => "elastic"
password => "123@abc"
}
}
[root@centos conf.d]$
其他中间件按照正常配置就可以了,配置完成后logstash会去redis取日志,被消费的日志会自动从redis删除