Technology sharing

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

Communiter obturaculum-ins ad ELK filtrum moduli

Communiter usus est obturaculum-ins ad colum moduli logstash:

sparguntur: significat tabulatum MGE, inter notas formatting, datas conversionis genus, data eliquare, etc.

1. grok plures magnas textus agros dividit in parvas agros (?<campum nomen> regularis expressionis) nomen campi: contenta expressio regularis compositus
2. date unificat et format tempus forma in notitia
3. mutare potest nominare, delere, reponere et mutare agros in eventibus.Exempli gratia: agros inutiles removere vel consuetudines agrorum addere.
4. multilinei uniformiter plures ordines datarum ordinat et compendiat plures ordines notitiarum in unum ordinem

GROK: regularis captio obturaculum-in

Utere segmento textu fragmenti ad eventum segmenti segmenti, quae in regulas regulares et consuetudinum regularum regulas constructa dividuntur.

Inaedificata regulari expressione vocationis:% (aedificata regulariter expressio: nomen agri)
 

Consuetudo regularis expressionis vocatio: (?<ager nomen> consuetudo regularis expressio)

         

multiline: multiplices ordines datarum colligite et in uno ordine notitiarum plures ordines digestus

forma (par lineae per iustam expressionem)
falsum means not to negate (false| true, whether to negate. False means not to negate, and the lines matching the regular expression will be merged according to the settings of what
verum significat negationem, et lineae ex expressione regulari compositae non secundum occasum mergi possunt)
quid (prior | deinde, prior modo merge sursum, deinde deorsum merge"

date: Unificata forma temporis notae @timestamp rerum logarum collectarum ex logstash cum ipsa typographica tempore iniuriae.

1. Primum obturaculum-grok configurant ad tempus stipes separandum et tempus agros imprimendi.
2. Usus compositus in obturaculum-diei in configuratione ut congruit tempori forma stipendii temporis agri.
3. Tunc utere scopum ad output ad @timestamp agri ad unitatem redigendis temporis forma.
 

ELK Optimized Filebeat instruere

install NGINX

cd /etc/yum.repos.d/
上传nginx.repo文件
yum install -y nginx
systemctl enable --now nginx
cd /usr/share/nginx/html
  #准备测试页面
echo '<h1>this is web page</h1>' > test.html
echo '<h1>this is web2 page</h1>' > test1.html

Install Filebeat

上传软件包 filebeat-6.7.2-linux-x86_64.tar.gz 到/opt目录
tar xf filebeat-6.7.2-linux-x86_64.tar.gz
mv filebeat-6.7.2-linux-x86_64 /usr/local/filebeat

Constitue pelagus configuratione file de filebeat

cd /usr/local/filebeat
cp filebeat.yml filebeat.yml.bak
vim filebeat.yml
filebeat.inputs:
- type: log         #指定 log 类型，从日志文件中读取消息
  enabled: true     #24行
  paths:
    - /var/log/nginx/access.log       #28行指定监控的日志文件
    - /var/log/nginx/error.log
  tags: ["filebeat"]		#设置索引标签
  fields:           #46行可以使用 fields 配置选项设置一些参数字段添加到 output 中
    service_name: nginx
    log_from: 192.168.73.130 
 
--------------output-------------------
(全部注释掉)
 
----------------Logstash output---------------------
output.logstash:    #162行
  hosts: ["192.168.73.120:5044"]      #164行指定 logstash 的 IP 和端口

Mutare Logstash configuratione

cd /etc/logstash/conf.d
vim filebeat.conf
input {
    beats {
        port => "5044"
    }
}
 
#filter {}
 
output {
     elasticsearch {
                  hosts => ["192.168.73.80:9200", "192.168.73.100:9200", "192.168.73.110:9200"]   #集群els地址
                  index => "nginx-%{+yyyy.MM.dd}"
     }
 
}
 
 
logstash -t -f filebeat.conf  #检查文件

Satus configuratione filebeat

192.168.73.130

Satus ./filebeat -e -c filebeat.yml

Satus logstash

192.168.73.120

Satus logstashlogstash -f filebeat.conf