ELK (all components 6.2.4, key topic), version 2: collect nginx logs, analyze and chart them (single-node ES, Redis as buffer), without Filebeat



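1. Set up an ELK 6.2.4 environment (CentOS 7.4); logstash collects the nginx logs and writes them to es (redis used for decoupling)

Plan: 192.168.171.128: es

192.168.171.129: logstash1 and nginx (collects the nginx logs); logstash1 writes the log data to redis

192.168.171.130: nginx + kibana (nginx lets kibana be accessed with username and password authentication)

192.168.171.131: redis and logstash2; logstash2 reads the log data from redis and writes it to es

1) On 192.168.171.128: install elasticsearch:

a) Environment preparation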

```
[root@bogon ~]# vim /etc/security/limits.conf
* soft nofile 65536    # must be 65536 or higher; 65535 is not enough
* hard nofile 65536
* soft nproc 4096
* hard nproc 4096
[root@bogon ~]# vim /etc/security/limits.d/20-nproc.conf
* soft nproc 4096      # at least 4096; change it if lower, higher is fine
[root@bogon ~]# vim /etc/sysctl.conf
vm.max_map_count=262144    # add; at least 262144
[root@bogon ~]# sysctl -p
[root@bogon ~]# reboot
[root@bogon ~]# systemctl stop firewalld.service
```

b) Install jdk1.8:

```
[root@bogon ~]# mkdir /usr/local/java
[root@bogon ~]# rz    # upload the jdk1.8 package
[root@bogon ~]# ls
jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# tar -zxf jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# ls
jdk1.8.0_144 jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# mv jdk1.8.0_144/ /usr/local/java/
[root@bogon ~]# ls /usr/local/java/
jdk1.8.0_144
[root@bogon ~]# vim /etc/profile
# append at the end:
JAVA_HOME=/usr/local/java/jdk1.8.0_144
CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH
[root@bogon ~]# source /etc/profile
[root@bogon ~]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
```

Upload the elasticsearch package and install elasticsearch (es must be started as a regular user; the other services are started as root):

```
[root@bogon ~]# rz    # upload the elasticsearch package
[root@bogon ~]# ls
elasticsearch-6.2.4.tar.gz jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# tar -zxf elasticsearch-6.2.4.tar.gz
[root@bogon ~]# ls
elasticsearch-6.2.4 elasticsearch-6.2.4.tar.gz jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# mv elasticsearch-6.2.4 /opt/
[root@bogon ~]# ls /opt/elasticsearch-6.2.4/
bin config lib LICENSE.txt logs modules NOTICE.txt plugins README.textile
[root@bogon ~]# groupadd eszu
[root@bogon ~]# useradd esyonghu -g eszu -p 123456    # note: -p expects an already-hashed value, so this does not set a usable password of 123456
[root@bogon ~]# chown -R esyonghu:eszu /opt/elasticsearch-6.2.4/
[root@bogon ~]# su - esyonghu
[esyonghu@bogon ~]$ vim /opt/elasticsearch-6.2.4/config/elasticsearch.yml
network.host: 192.168.171.128    # changed: this host's IP, or 0.0.0.0 to listen on all local IPs
http.port: 9200                  # uncommented
[esyonghu@bogon ~]$ cd /opt/elasticsearch-6.2.4/bin/
[esyonghu@bogon bin]$ ls elasticsearch
elasticsearch
[esyonghu@bogon bin]$ ./elasticsearch -d    # start es in the background; or run ./elasticsearch in the foreground first to check that it starts
[esyonghu@bogon bin]$ tailf /opt/elasticsearch-6.2.4/logs/elasticsearch.log    # watch the startup log; it can take a while before the log appears
.........
[2019-10-12T21:27:15,635][INFO ][o.e.c.s.ClusterApplierService] [koccs5f] new_master {koccs5f}{koccs5fwSre801IprBSrzw}{A-z15PqtRByWA494KhVH_A}{192.168.171.128}{192.168.171.128:9300}, reason: apply cluster state (from master [master {koccs5f}{koccs5fwSre801IprBSrzw}{A-z15PqtRByWA494KhVH_A}{192.168.171.128}{192.168.171.128:9300} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2019-10-12T21:27:15,743][INFO ][o.e.h.n.Netty4HttpServerTransport] [koccs5f] publish_address {192.168.171.128:9200}, bound_addresses {192.168.171.128:9200}
[2019-10-12T21:27:15,744][INFO ][o.e.n.Node ] [koccs5f] started
[2019-10-12T21:27:15,746][INFO ][o.e.g.GatewayService ] [koccs5f] recovered [0] indices into cluster_state
[esyonghu@bogon bin]$ netstat -anput |grep 9200    # port 9200 is listening
[esyonghu@bogon bin]$ curl http://192.168.171.128:9200    # returns the es default page
```

Access from an external client browser: http://192.168.171.128:9200/

![](https://i-blog.csdnimg.cn/direct/2f7a2af0477a412ca5ecaad50e123141.png)

c) Install the head plugin for elasticsearch: a client-side management tool for es (since es 5.0 the head plugin is installed separately)

Install the nodejs environment (the head plugin uses grunt, and grunt needs the npm package manager, so nodejs must be installed). Open another terminal as root; another user also works.

```
[root@bogon ~]# rz    # upload the nodejs package
[root@bogon ~]# ls
elasticsearch-6.2.4.tar.gz jdk-8u144-linux-x64.tar.gz node-v9.6.1-linux-x64.tar.xz
[root@bogon ~]# xz -d node-v9.6.1-linux-x64.tar.xz
[root@bogon ~]# ls
elasticsearch-6.2.4.tar.gz jdk-8u144-linux-x64.tar.gz node-v9.6.1-linux-x64.tar
[root@bogon ~]# tar -xf node-v9.6.1-linux-x64.tar
[root@bogon ~]# ls
elasticsearch-6.2.4.tar.gz jdk-8u144-linux-x64.tar.gz node-v9.6.1-linux-x64 node-v9.6.1-linux-x64.tar
[root@bogon ~]# mv node-v9.6.1-linux-x64 /opt/
[root@bogon ~]# ls /opt/node-v9.6.1-linux-x64/
bin CHANGELOG.md include lib LICENSE README.md share
[root@bogon ~]# export PATH=$PATH:/opt/node-v9.6.1-linux-x64/bin
[root@bogon ~]# echo "export PATH=$PATH:/opt/node-v9.6.1-linux-x64/bin" >> /etc/profile
[root@bogon ~]# tail -1 /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/opt/node-v9.6.1-linux-x64/bin:/opt/node-v9.6.1-linux-x64/bin
[root@bogon ~]# source /etc/profile
[root@bogon ~]# node -v
v9.6.1
[root@bogon ~]# npm -v
5.6.0
[root@bogon ~]# npm install -g grunt-cli    # install the tool the head plugin depends on
[root@bogon ~]# grunt --version
grunt-cli v1.3.2
```

Download the head plugin from GitHub (you can also download it beforehand and keep a copy):

```
[root@bogon ~]# yum -y install git
[root@bogon ~]# git clone https://github.com/mobz/elasticsearch-head.git    # https:// used here; GitHub no longer serves git://
[root@bogon ~]# ls
elasticsearch-6.2.4.tar.gz elasticsearch-head jdk-8u144-linux-x64.tar.gz node-v9.6.1-linux-x64.tar
[root@bogon ~]# mv elasticsearch-head/ /opt    # moving it into /opt/elasticsearch-6.2.4/plugins/ did not work in testing; newer versions may not allow plugins to be installed there
[root@bogon ~]# ls /opt/
elasticsearch-6.2.4 elasticsearch-head node-v9.6.1-linux-x64
[root@bogon ~]# cd /opt/elasticsearch-head/
[root@bogon elasticsearch-head]# ls
Dockerfile Gruntfile.js LICENCE proxy src
Dockerfile-alpine grunt_fileSets.js package.json README.textile test
elasticsearch-head.sublime-project index.html plugin-descriptor.properties _site
```

Switch the npm registry, install the cnpm command, and use cnpm to install the head plugin:

```
[root@bogon elasticsearch-head]# npm install -g cnpm --registry=https://registry.npm.taobao.org
[root@bogon elasticsearch-head]# cnpm install    # install with cnpm
...... (some errors follow, but they have no effect)
Error: post install error, please remove node_modules before retry!
Run "sh -c node install.js" error, exit code 1
at ChildProcess.proc.on.code (/opt/node-v9.6.1-linux-x64/lib/node_modules/cnpm/node_modules/runscript/index.js:74:21)
at ChildProcess.emit (events.js:127:13)
......
```

```
[root@bogon elasticsearch-head]# vim Gruntfile.js
......
connect: {
    server: {
        options: {
            hostname: '*',    // added
            port: 9100,
            base: '.',
            keepalive: true
        }
    }
}
[root@bogon elasticsearch-head]# vim _site/app.js
......
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.171.128:9200";    // changed to this host's IP
```

Configure es to allow cross-origin access (edit the es configuration file):

```
[root@bogon elasticsearch-head]# vim /opt/elasticsearch-6.2.4/config/elasticsearch.yml
# append the following two lines at the end
http.cors.enabled: true          # added
http.cors.allow-origin: '*'      # added
:wq
```

d) Restart the es service (this can be done in another terminal as the regular user):

```
[esyonghu@bogon bin]$ ps -ef |grep elasticsearch    # find the process ID: 1311
[esyonghu@bogon bin]$ kill -9 1311
[esyonghu@bogon bin]$ pwd
/opt/elasticsearch-6.2.4/bin
[esyonghu@bogon bin]$ ./elasticsearch -d
[esyonghu@bogon bin]$ tailf /opt/elasticsearch-6.2.4/logs/elasticsearch.log
[esyonghu@bogon bin]$ netstat -anput |grep 9200    # the port is listening
```

e) Start the es-head plugin (in another terminal; it can be started as root):

```
[root@bogon elasticsearch-head]# cd /opt/elasticsearch-head/node_modules/grunt/bin/
[root@bogon bin]# ls
grunt
[root@bogon bin]# ./grunt server &    # start the head plugin service
.........
Running "connect:server" (connect) task
Waiting forever...
Started connect web server on http://localhost:9100
[root@bogon bin]# netstat -anput |grep 9100
tcp6 0 0 :::9100 :::* LISTEN 2814/grunt
[root@bogon bin]# cd
```

f) Access from a client browser: both es and the plugin management address respond normally.

http://192.168.171.128:9200/

![](https://i-blog.csdnimg.cn/direct/002509bdff4a4de6aacac22cad1114cd.png)

http://192.168.171.128:9100/:

![](https://i-blog.csdnimg.cn/direct/e91f6ad14e2347f5bb1c8cbcc3eba257.png)

g) Use the head plugin to write some test data to the elasticsearch service. Click the "Any Request" tab:

![](https://i-blog.csdnimg.cn/direct/aac93eb4453e475c91f16b3bc35c3352.png)

Delete the default content and write some test data, as follows:

```
http://192.168.171.128:9200/    # the default address; note that the trailing / must not be removed
index-demo1/test1               # both names are chosen by hand; after creation the index (database) is index-demo1 and the type (table) is test1. Note: there must be no / before index-...
Data:
{
  "user":"shi1",
  "age":"30",
  "gender":"male"
}
```

![](https://i-blog.csdnimg.cn/direct/cb92f579f50148ad939371bf9b9e7740.png)

Click to submit the request:

![](https://i-blog.csdnimg.cn/direct/c740b3a3cef44cfebe5699e371655a61.png)

Create a few more records the same way; after clicking the "Browser" tab the data can be queried:

![](https://i-blog.csdnimg.cn/direct/d2b5d906345f4d67a7538f899d896bc6.png)

elasticsearch is now set up.

**2) On 192.168.171.129: install logstash 6.2.4 and prepare the nginx log file (the version must match the es version; logstash is the log collection service, and the collected logs can be written to es)**

a) Install logstash1 6.2.4 (requires a jdk environment)

```
[root@bogon ~]# mkdir /usr/local/java
[root@bogon ~]# rz    # upload the jdk1.8 package
[root@bogon ~]# ls
jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# tar -zxf jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# ls
jdk1.8.0_144 jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# mv jdk1.8.0_144/ /usr/local/java/
[root@bogon ~]# ls /usr/local/java/
jdk1.8.0_144
[root@bogon ~]# vim /etc/profile
# append at the end:
JAVA_HOME=/usr/local/java/jdk1.8.0_144
CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH
[root@bogon ~]# source /etc/profile
[root@bogon ~]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
[root@bogon ~]# rz    # upload the logstash package
[root@bogon ~]# ls
jdk-8u144-linux-x64.tar.gz logstash-6.2.4.tar.gz
[root@bogon ~]# tar -zxf logstash-6.2.4.tar.gz
[root@bogon ~]# mv logstash-6.2.4 /opt/
[root@bogon ~]# ls /opt/
elasticsearch-6.2.4 elasticsearch-head logstash-6.2.4 node-v9.6.1-linux-x64
[root@bogon ~]# ls /opt/logstash-6.2.4/
bin CONTRIBUTORS Gemfile lib logstash-core modules tools
config data Gemfile.lock LICENSE logstash-core-plugin-api NOTICE.TXT vendor
[root@bogon ~]# ls /opt/logstash-6.2.4/bin/logstash
/opt/logstash-6.2.4/bin/logstash
[root@bogon ~]# cd /opt/logstash-6.2.4/
[root@bogon logstash-6.2.4]# ls
bin CONTRIBUTORS Gemfile lib logstash-core modules tools
config data Gemfile.lock LICENSE logstash-core-plugin-api NOTICE.TXT vendor
[root@bogon ~]# export PATH=$PATH:/opt/logstash-6.2.4/bin
[root@bogon ~]# echo "PATH=$PATH:/opt/logstash-6.2.4/bin" >> /etc/profile
[root@bogon ~]# source /etc/profile
[root@bogon ~]# logstash -V
logstash 6.2.4
```

logstash is now installed. To start it, first create a configuration file and then start logstash pointing at that file; the file can live anywhere as long as it can be found at startup, and its content is whatever you define.

b) Install nginx

```
[root@bogon ~]# yum -y install gcc gcc-c++
[root@bogon ~]# yum -y install openssl-devel openssl zlib zlib-devel pcre pcre-devel
[root@bogon ~]# rz    # upload the nginx package
[root@bogon ~]# ls nginx-1.6.2.tar.gz
nginx-1.6.2.tar.gz
[root@bogon ~]# tar -zxf nginx-1.6.2.tar.gz
[root@bogon ~]# cd nginx-1.6.2
[root@bogon nginx-1.6.2]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@bogon nginx-1.6.2]# useradd -s /sbin/nologin -M nginx
[root@bogon nginx-1.6.2]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@bogon nginx-1.6.2]# make && make install
[root@bogon nginx-1.6.2]# ls /usr/local/nginx/
conf html logs sbin
[root@bogon nginx-1.6.2]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon nginx-1.6.2]# /usr/local/nginx/sbin/nginx
[root@bogon nginx-1.6.2]# netstat -anput |grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15918/nginx: master
[root@localhost nginx-1.6.2]# cd
[root@bogon ~]# vim /usr/local/nginx/conf/nginx.conf
.......
# add the following inside the http block:
log_format json '{ "@timestamp": "$time_iso8601", '
                '"remote_addr": "$remote_addr", '
                '"remote_user": "$remote_user", '
                '"body_bytes_sent": "$body_bytes_sent", '
                '"request_time": "$request_time", '
                '"status": "$status", '
                '"request_uri": "$request_uri", '
                '"request_method": "$request_method", '
                '"http_referrer": "$http_referer", '
                '"http_x_forwarded_for": "$http_x_forwarded_for", '
                '"http_user_agent": "$http_user_agent"}';
access_log logs/access.log json;
.........
[root@bogon ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon ~]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon ~]# netstat -anput |grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1885/nginx: master
```

Make some requests to generate access log entries:

```
[root@bogon ~]# curl 127.0.0.1
[root@bogon ~]# curl 127.0.0.1
[root@bogon ~]# curl 127.0.0.1
[root@bogon ~]# curl 127.0.0.1
[root@bogon ~]# curl 127.0.0.1
[root@bogon ~]# cat /usr/local/nginx/logs/access.log
{ "@timestamp": "2019-10-14T18:44:30+08:00", "remote_addr": "127.0.0.1", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.000", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:44:31+08:00", "remote_addr": "127.0.0.1", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.000", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:44:32+08:00", "remote_addr": "127.0.0.1", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.000", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:44:33+08:00", "remote_addr": "127.0.0.1", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.000", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:44:33+08:00", "remote_addr": "127.0.0.1", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.000", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
[root@bogon ~]# vim /usr/local/nginx/logs/access.log    # edit the log file, changing the IPs to public addresses that can be geolocated
{ "@timestamp": "2019-10-14T18:40:30+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.001", "status": "304", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:41:31+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.002", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:42:32+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.003", "status": "500", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:43:33+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.004", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:44:33+08:00", "remote_addr": "103.216.43.113", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.005", "status": "403", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:45:33+08:00", "remote_addr": "103.216.43.113", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.006", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:46:33+08:00", "remote_addr": "103.216.43.113", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.007", "status": "201", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:47:33+08:00", "remote_addr": "105.216.43.12", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.008", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:48:33+08:00", "remote_addr": "105.216.43.12", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.008", "status": "206", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:49:33+08:00", "remote_addr": "104.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.009", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
```

**3) On 192.168.171.130: install kibana and nginx, and configure nginx so that kibana can be accessed with user login authentication.**

a) Install kibana 6.2.4 (no java environment needed); it does not support authenticated login by itself and has to be combined with nginx

```
[root@bogon ~]# rz    # upload the kibana package
[root@bogon ~]# ls kibana-6.2.4-linux-x86_64.tar.gz
kibana-6.2.4-linux-x86_64.tar.gz
[root@bogon ~]# tar zxf kibana-6.2.4-linux-x86_64.tar.gz
[root@bogon ~]# ls
01-logstash.conf jdk-8u144-linux-x64.tar.gz kibana-6.2.4-linux-x86_64.tar.gz node-v9.6.1-linux-x64.tar test_multiline.conf
elasticsearch-6.2.4.tar.gz kibana-6.2.4-linux-x86_64 logstash-6.2.4.tar.gz sys-java-log.conf
[root@bogon ~]# mv kibana-6.2.4-linux-x86_64 /opt/
[root@bogon ~]# ls /opt/
elasticsearch-6.2.4 elasticsearch-head kibana-6.2.4-linux-x86_64 logstash-6.2.4 node-v9.6.1-linux-x64
[root@bogon ~]# cd /opt/kibana-6.2.4-linux-x86_64/
[root@bogon kibana-6.2.4-linux-x86_64]# ls
bin config data LICENSE.txt node node_modules NOTICE.txt optimize package.json plugins README.txt src ui_framework webpackShims
[root@bogon kibana-6.2.4-linux-x86_64]# vim config/kibana.yml
server.port: 5601                                   # the service's own port, 5601 by default
server.host: "0.0.0.0"                              # listen on all local IPs
elasticsearch.url: "http://192.168.171.128:9200"    # connect to es and fetch data from it
kibana.index: ".kibana"                             # kibana's own index
:wq
[root@bogon kibana-6.2.4-linux-x86_64]# cd bin/
[root@bogon bin]# ls
kibana kibana-keystore kibana-plugin
[root@bogon bin]# ./kibana &    # run kibana in the background
[2] 13186
[root@bogon bin]#
log [07:18:24.849] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [07:18:24.904] [info][status][plugin:[email protected]] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [07:18:25.062] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [07:18:25.071] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [07:18:25.079] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [07:18:25.106] [info][listening] Server running at http://0.0.0.0:5601
log [07:18:25.152] [info][status][plugin:[email protected]] Status changed from yellow to green - Ready
[root@bogon bin]# netstat -anput |grep 5601
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 13186/./../node/bin
```

Open the kibana interface directly in a browser: http://192.168.171.130:5601. After pressing Enter the interface opens straight away:

![](https://i-blog.csdnimg.cn/direct/21bbea49c41e4c9598dde1fd32f2ce13.png)

![](https://i-blog.csdnimg.cn/direct/bcc9832812124a08abede28e116b06d6.png)

b) Install nginx and configure it in front of kibana, so that kibana is accessed with username and password authentication.

```
[root@bogon ~]# yum -y install gcc gcc-c++
[root@bogon ~]# yum -y install openssl-devel openssl zlib zlib-devel pcre pcre-devel
[root@bogon ~]# rz    # upload the nginx package
[root@bogon ~]# ls nginx-1.6.2.tar.gz
nginx-1.6.2.tar.gz
[root@bogon ~]# tar -zxf nginx-1.6.2.tar.gz
[root@bogon ~]# cd nginx-1.6.2
[root@bogon nginx-1.6.2]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@bogon nginx-1.6.2]# useradd -s /sbin/nologin -M nginx
[root@bogon nginx-1.6.2]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@bogon nginx-1.6.2]# make && make install
[root@bogon nginx-1.6.2]# ls /usr/local/nginx/
conf html logs sbin
[root@bogon nginx-1.6.2]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon nginx-1.6.2]# /usr/local/nginx/sbin/nginx
[root@bogon nginx-1.6.2]# netstat -anput |grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15918/nginx: master
[root@localhost nginx-1.6.2]# cd
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
.......
server {
    listen 80;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
        auth_basic "Please input user and password";             # added
        auth_basic_user_file /usr/local/nginx/conf/passwd.db;    # added
        proxy_pass http://192.168.171.130:5601;                  # added
    }
}
.........
[root@localhost ~]# openssl passwd -crypt 123456    # hash the plaintext password, then write the hash into the password file
3KWv9TAdX4Qx2
[root@localhost ~]# vim /usr/local/nginx/conf/passwd.db
shi:3KWv9TAdX4Qx2
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
```

Open the kibana interface in a browser through nginx: http://192.168.171.130. After pressing Enter, a username and password are required: shi/123456

![](https://i-blog.csdnimg.cn/direct/e11f949c0faf45f4841002b04a11235a.png)

Only after confirming are you logged in:

![](https://i-blog.csdnimg.cn/direct/327914c02b1341158482838c984ac84e.png)

**4) Redis machine: on 192.168.171.131, install redis (redis password: 123) and the logstash2 service**

a) Install redis

```
[root@bogon ~]# yum -y install epel-release
[root@bogon ~]# yum -y install redis
[root@bogon ~]# vim /etc/redis.conf
daemonize yes
# bound to 127.0.0.1 by default, so remote clients cannot connect; after changing it to 0.0.0.0, remote clients and local ones can both connect to redis
bind 0.0.0.0
port 6379
requirepass 123
[root@bogon ~]# systemctl start redis
[root@bogon ~]# systemctl enable redis
[root@bogon ~]# netstat -anput |grep 6379
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1643/redis-server 1
[root@bogon ~]# redis-cli -a 123
127.0.0.1:6379> set k1 v1
OK
127.0.0.1:6379> get k1
"v1"
127.0.0.1:6379> quit
```

b) Install logstash2 6.2.4 (requires a jdk environment)

```
[root@bogon ~]# mkdir /usr/local/java
[root@bogon ~]# rz    # upload the jdk1.8 package
[root@bogon ~]# ls
jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# tar -zxf jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# ls
jdk1.8.0_144 jdk-8u144-linux-x64.tar.gz
[root@bogon ~]# mv jdk1.8.0_144/ /usr/local/java/
[root@bogon ~]# ls /usr/local/java/
jdk1.8.0_144
[root@bogon ~]# vim /etc/profile
# append at the end:
JAVA_HOME=/usr/local/java/jdk1.8.0_144
CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH
[root@bogon ~]# source /etc/profile
[root@bogon ~]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
[root@bogon ~]# rz    # upload the logstash package
[root@bogon ~]# ls
jdk-8u144-linux-x64.tar.gz logstash-6.2.4.tar.gz
[root@bogon ~]# tar -zxf logstash-6.2.4.tar.gz
[root@bogon ~]# mv logstash-6.2.4 /opt/
[root@bogon ~]# ls /opt/
elasticsearch-6.2.4 elasticsearch-head logstash-6.2.4 node-v9.6.1-linux-x64
[root@bogon ~]# ls /opt/logstash-6.2.4/
bin CONTRIBUTORS Gemfile lib logstash-core modules tools
config data Gemfile.lock LICENSE logstash-core-plugin-api NOTICE.TXT vendor
[root@bogon ~]# ls /opt/logstash-6.2.4/bin/logstash
/opt/logstash-6.2.4/bin/logstash
[root@bogon ~]# cd /opt/logstash-6.2.4/
[root@bogon logstash-6.2.4]# ls
bin CONTRIBUTORS Gemfile lib logstash-core modules tools
config data Gemfile.lock LICENSE logstash-core-plugin-api NOTICE.TXT vendor
[root@bogon logstash-6.2.4]# cd
[root@bogon ~]# export PATH=$PATH:/opt/logstash-6.2.4/bin
[root@bogon ~]# echo "PATH=$PATH:/opt/logstash-6.2.4/bin" >> /etc/profile
[root@bogon ~]# source /etc/profile
[root@bogon ~]# logstash -V
logstash 6.2.4
```

logstash is now installed. To start it, first create a configuration file and then start logstash pointing at that file; the file can live anywhere as long as it can be found at startup, and its content is whatever you define.

**5) On 192.168.171.129, start the logstash1 service to collect the local nginx log file and write it into ELK (multiline matching: various types; use different regular expressions for different cases, as the actual situation requires)**

a) Generate some logs through the nginx service, as follows (each entry starts with a date, 5 entries in total) (one type of log and its matching regex is used as the example; handle others as appropriate).

Important: the logs below must not be generated in advance. Start filebeat collecting first, then write the logs below with vim; otherwise filebeat cannot read logs that already exist.

```
[root@bogon ~]# cat /usr/local/nginx/logs/access.log    # the log file edited so that the IPs are public addresses that can be geolocated
{ "@timestamp": "2019-10-14T18:40:30+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.001", "status": "304", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:41:31+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.002", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:42:32+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.003", "status": "500", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:43:33+08:00", "remote_addr": "103.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.004", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:44:33+08:00", "remote_addr": "103.216.43.113", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.005", "status": "403", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:45:33+08:00", "remote_addr": "103.216.43.113", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.006", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:46:33+08:00", "remote_addr": "103.216.43.113", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.007", "status": "201", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:47:33+08:00", "remote_addr": "105.216.43.12", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.008", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:48:33+08:00", "remote_addr": "105.216.43.12", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.008", "status": "206", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
{ "@timestamp": "2019-10-14T18:49:33+08:00", "remote_addr": "104.216.43.11", "remote_user": "-", "body_bytes_sent": "612", "request_time": "0.009", "status": "200", "request_uri": "/", "request_method": "GET", "http_referrer": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.29.0"}
```

b) The logstash1 service collects the local system logs and tomcat logs and writes them to redis:

```
[root@bogon conf]# cat nginx_out_redis_in.conf
input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    codec => "json"
    start_position => "beginning"
    type => "nginx-log"
  }
}
# To collect nginx logs it is best to first change the nginx log format to JSON, which is easy to collect and display
# codec => "json": usable only once the nginx log has been switched to JSON format; simple and convenient
output {
  if [type] == "nginx-log" {
    redis {
      host => "192.168.171.131"
      port => "6379"
      password => "123"
      db => "6"
      data_type => "list"
      key => "nginx-log"
    }
  }
  stdout { codec => rubydebug }    # codec => rubydebug is for debugging: prints to the console
}
# Note: db => 6 simply picks one of the redis databases; any other (0, 1, 2, ...) also works
```

```
[root@bogon conf]# logstash -f nginx_out_redis_in.conf    # start the logstash1 service: begins collecting logs and writing them to redis
```

Start the logstash1 service first, then use vim to write the logs into their files; logstash1 collects them automatically and stores them in redis, as configured during installation above. Only logs produced by editing in vim after startup reach redis.

Once they are written to redis, check on the redis machine (192.168.171.131):

```
[root@bogon ~]# redis-cli -h 192.168.171.131 -a 123
192.168.171.131:6379> select 6
OK
192.168.171.131:6379[6]> keys *
1) "nginx-log"
127.0.0.1:6379[6]> LLEN nginx-log
(integer) 10
127.0.0.1:6379[6]> quit
```

c) On 192.168.171.131, write the logstash configuration file; when started, it reads the various log types from the redis machine and writes them to the es machine.

Install the database file used for geolocation analysis:

```
[root@bogon ~]# ls GeoLite2-City.tar.gz
GeoLite2-City.tar.gz
[root@bogon ~]# tar -zxf GeoLite2-City.tar.gz
[root@bogon ~]# ls GeoLite2-City_20191008/
COPYRIGHT.txt GeoLite2-City.mmdb LICENSE.txt README.txt
[root@bogon ~]# cp -a GeoLite2-City_20191008/GeoLite2-City.mmdb /opt/
[root@bogon ~]# ls /opt/GeoLite2-City.mmdb
/opt/GeoLite2-City.mmdb
[root@bogon ~]# cd conf/
[root@bogon conf]# vim nginx_redis_out_es_in.conf
```

```
input {
  redis {
    type => "nginx-log"
    host => "192.168.171.131"
    port => "6379"
    password => "123"
    db => "6"
    data_type => "list"
    key => "nginx-log"
  }
}
# The default target is @timestamp, so time_local updates the @timestamp value.
# Purpose of the date plugin in the filter below: on the first collection, or when writing through a cache,
# the indexing time lags behind the actual log time and is therefore inaccurate; it is best to add the
# date plugin so that the indexing time matches the actual log time.
filter {
  json {
    source => "message"
    remove_field => ["message"]
  }
  geoip {
    source => "remote_addr"
    target => "geoip"
    database => "/opt/GeoLite2-City.mmdb"
    add_field => ["[geoip][coordinates]", "%{[geoip][longitude]}"]
    add_field => ["[geoip][coordinates]", "%{[geoip][latitude]}"]
  }
  mutate {
    convert => ["[geoip][coordinates]", "float"]
  }
  #date {
  #  locale => "en"
  #  match => ["time_local", "dd/MMM/yyyy:HH:mm:ss Z"]
  #}
  # Because the nginx log format was configured as JSON, the indexing time has already been overwritten
  # and matches the actual log time, so the date block above is not needed
}
output {
  if [type] == "nginx-log" {
    elasticsearch {
      hosts => ["192.168.171.128:9200"]
      index => "logstash-nginx-access-log-%{+YYYY.MM.dd}"
    }
  }
  stdout { codec => rubydebug }
  # codec => rubydebug is for debugging: prints to the console
  # The es index name should start with logstash: the map (geolocation) chart cannot be created otherwise,
  # and other charts may behave the same way, so do this wherever possible
}
```
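With the Redis, Kibana and Elasticsearch settings above in place, three listeners are reachable from the whole subnet: Redis on 0.0.0.0 behind the three-character password `123`, Kibana on 0.0.0.0:5601 (which answers without the nginx basic auth configured on port 80), and Elasticsearch with `http.cors.allow-origin: '*'`. The following check is an added example, not part of the original post; the `HARDENED` values, the 20-character threshold and all function names are assumptions.

```python
import ipaddress
import re

# Settings copied from the configuration files shown on this page.
PAGE = {
    "redis.conf": "daemonize yes\nbind 0.0.0.0\nport 6379\nrequirepass 123\n",
    "kibana.yml": 'server.port: 5601\nserver.host: "0.0.0.0"\n',
    "elasticsearch.yml": ("network.host: 192.168.171.128\nhttp.port: 9200\n"
                          "http.cors.enabled: true\nhttp.cors.allow-origin: '*'\n"),
}

# Constructed alternative (an assumption, not from the page). Redis stays on the
# LAN address because logstash1 on .129 must reach it; Kibana moves to loopback,
# which requires proxy_pass http://127.0.0.1:5601 in the nginx server block.
HARDENED = {
    "redis.conf": ("bind 192.168.171.131\nport 6379\n"
                   "requirepass CONSTRUCTED-long-random-secret-0123456789\n"),
    "kibana.yml": 'server.port: 5601\nserver.host: "127.0.0.1"\n',
    "elasticsearch.yml": ("network.host: 192.168.171.128\nhttp.port: 9200\n"
                          "http.cors.enabled: true\n"
                          'http.cors.allow-origin: "http://192.168.171.128:9100"\n'),
}

MIN_SECRET_LEN = 20  # assumed threshold for this example


def parse(text):
    """Parse 'key value' (redis) and 'key: value' (YAML one-liner) settings."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing annotations
        m = re.match(r"([\w.\-]+)\s*[: ]\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'\"")
    return settings


def all_loopback(value):
    """True when every listed address is loopback (redis 'bind' may list several)."""
    def one(host):
        try:
            return ipaddress.ip_address(host).is_loopback
        except ValueError:
            return host == "localhost"
    hosts = value.split()
    return bool(hosts) and all(one(h) for h in hosts)


def audit(configs):
    """Return (code, message) findings for the exposure settings used on the page."""
    findings = []
    if "redis.conf" in configs:
        redis = parse(configs["redis.conf"])
        exposed = not all_loopback(redis.get("bind", ""))
        if exposed and len(redis.get("requirepass", "")) < MIN_SECRET_LEN:
            findings.append(("REDIS_WEAK_AUTH",
                             "redis listens beyond loopback with a short or missing requirepass"))
    if "kibana.yml" in configs:
        kibana = parse(configs["kibana.yml"])
        if not all_loopback(kibana.get("server.host", "localhost")):
            findings.append(("KIBANA_DIRECT",
                             "kibana port is reachable directly, without the nginx basic auth"))
    if "elasticsearch.yml" in configs:
        es = parse(configs["elasticsearch.yml"])
        if es.get("http.cors.enabled") == "true" and es.get("http.cors.allow-origin") == "*":
            findings.append(("ES_CORS_ANY_ORIGIN",
                             "any web origin may script requests against the es HTTP API"))
    return findings


if __name__ == "__main__":
    for code, message in audit(PAGE):
        print(code, "-", message)
```

Elasticsearch 6.2.4 as installed here has no authentication of its own, so restricting ports 9200, 9100 and 6379 to the hosts in the plan needs a host firewall in addition to these settings.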

```
[root@bogon conf]# logstash -f nginx_redis_out_es_in.conf    # start the logstash service: writes the redis data to es
```

Check on the es machine: the data has been written and the index created: http://192.168.171.128:9100

![](https://i-blog.csdnimg.cn/direct/d0b047c2fdaf4d4c8533a4328e726afc.png)

**6) On 192.168.171.130, access kibana through the nginx proxy and configure the kibana interface to display the logs (data is fetched from es and displayed)**

a) Log in to kibana with the username and password: shi/123456

![](https://i-blog.csdnimg.cn/direct/3dbdcca181d947fc8d0ab8bc58cf796d.png)

b) Create the index patterns in kibana one by one (keep the names aligned with the es index names where possible, for easier lookup) to query and display the data in es.

First create the -* index pattern. Click Management:

![](https://i-blog.csdnimg.cn/direct/83a3a420187e43498fc42f1cae94a155.png)

![](https://i-blog.csdnimg.cn/direct/6cf3a6ebb489472ba6c08811ca91ff32.png)

Enter logstash-nginx-access-log-*:

![](https://i-blog.csdnimg.cn/direct/d54a84658b2a44eeb40a982d079ae3ea.png)

Click Next step:

![](https://i-blog.csdnimg.cn/direct/52281e33156b489f9a1ed7e73df3892d.png)

Select the @timestamp time field and click Create index pattern:

![](https://i-blog.csdnimg.cn/direct/1901e85c614c405386e47f6508a58fac.png)

To view the logs, click Discover and select logstash-nginx-access-log-*:

![](https://i-blog.csdnimg.cn/direct/018276429d80477f99608c050bd7bf14.png)

Expand one entry to see that the log has been parsed as JSON:

![](https://i-blog.csdnimg.cn/direct/b75d49b5aeb1440094d3a1c4ffcee2d0.png)

**2. Analyze the nginx logs in kibana and chart them**

1) Create the PV chart:

Click Visualize:

![](https://i-blog.csdnimg.cn/direct/61550a5ccf5e422391a0070bb6b9d38a.png)

![](https://i-blog.csdnimg.cn/direct/a01a42506a354ee1803d038e34a52fb9.png)

Click Create a visualization:

![](https://i-blog.csdnimg.cn/direct/a5d10ff40e5c41abaeca9018e7f0a720.png)

Select Line:

![](https://i-blog.csdnimg.cn/direct/b89127a677f246c98eaa969099f3d925.png)

Click the log index to chart:

![](https://i-blog.csdnimg.cn/direct/50ea38410a244b33ba7682619beb4bcd.png)

![](https://i-blog.csdnimg.cn/direct/14402ed3fdb34ca8a11c883c6756523c.png)

For the Y axis choose Count, for the X axis choose the timestamp, then click the right arrow:

![](https://i-blog.csdnimg.cn/direct/a7b89563483348fc9b6cfda7bfa138f3.png)

A single line appears; there are few logs, so the chart has little to show. Click Save:

![](https://i-blog.csdnimg.cn/direct/5b4faec8ca64429ca80ace20bb46ed6e.png) 起名,并save,如下: ![](https://i-blog.csdnimg.cn/direct/e62dce43506f4ee1b9253cddcd5e1345.png) 2)创建uv图: 点击+添加,如下: ![](https://i-blog.csdnimg.cn/direct/dc8ef78dafbf4d8fa30c449563675d5e.png) 选择line,如下: ![](https://i-blog.csdnimg.cn/direct/6742904265484faeb2f0622a7e7b6601.png) 选择日志,如下: ![](https://i-blog.csdnimg.cn/direct/3d12b24c86b147aa99c2aa964c728b35.png) X轴选择Unique Count(去重统计),字段选择: remote_addr(客户端ip的那个),y轴选择时间戳,点击向右箭头,如下: ![](https://i-blog.csdnimg.cn/direct/66ed9987a50848e092902a0a53c3b456.png) 出现图形后,点击save,如下: ![](https://i-blog.csdnimg.cn/direct/4e083205803b411f873dd186c6c0c389.png) 起名,并save后,如下: ![](https://i-blog.csdnimg.cn/direct/84826fbd620e42cbb19d95fede526fa6.png) 3)创建用户地理位置分布图 点击+添加,如下: ![](https://i-blog.csdnimg.cn/direct/178631139fe94d05aabab8530eba5f3d.png) 选择map图,如下: ![](https://i-blog.csdnimg.cn/direct/6983e9ec835d4df1a2921fcb241fdd2f.png) 选择日志,如下: ![](https://i-blog.csdnimg.cn/direct/3e95642cd2734780918cebc1aa2bcca6.png) Vlaue选择count, 再选择Geo Coordinates, Geohash, geoip.location,点击向右箭头,如下: ![](https://i-blog.csdnimg.cn/direct/8e4e2d66f352401792811b696ac29a57.png) 出现图后,点击save,如下: ![](https://i-blog.csdnimg.cn/direct/09dae643388d4009958cb778b4716975.png) 起名,并save后,如下: ![](https://i-blog.csdnimg.cn/direct/8083c7f938004c969230c700c4c34198.png) 4)创建url图 点击+新加,如下: ![](https://i-blog.csdnimg.cn/direct/6cdfe55d9fe64416b20a4d8acf47d509.png) 选择data table,如下: ![](https://i-blog.csdnimg.cn/direct/f97274e990af404e97bbca867a1b6f0a.png) 选择日志,如下: ![](https://i-blog.csdnimg.cn/direct/3afee47247454bafa04fbb0532a8a3df.png) 选择统计count, 聚合Terms,字段 :request_uri 排序:5个,点击向右箭头,如下: ![](https://i-blog.csdnimg.cn/direct/d1483475a23f4198bfa93e2533004596.png) 出现图后,点击save,因为此处访问就一个根url,所以没有别的,save,如下: ![](https://i-blog.csdnimg.cn/direct/9a38d9922227447eb6145d76ba795193.png) 起名,并save后如下: ![](https://i-blog.csdnimg.cn/direct/888661d80ee34d98817ffb4abcb414d2.png) 5)http status图 点击+新增,如下: 
![](https://i-blog.csdnimg.cn/direct/072a0d04a3cf4214ab55ebd99bd08f37.png) 选择data table,如下: ![](https://i-blog.csdnimg.cn/direct/c4f633d5058d43fa894d24399cc38878.png) 选择日志,如下: ![](https://i-blog.csdnimg.cn/direct/7b5f65a7548e43b48fcff3e362dbf46e.png) 选择count统计,Terms聚合,字段:status 排序5个,点击向右箭头,如下: ![](https://i-blog.csdnimg.cn/direct/977b9bb97cd7432e83019f040a029668.png) 显示出图形后,点击save,如下: ![](https://i-blog.csdnimg.cn/direct/e408e69fda3b44cb90380e903c7824a8.png) 起名并save后,如下: ![](https://i-blog.csdnimg.cn/direct/6c956c4980b840fca428e10bfb35a045.png) 6)ip top 10统计 点击+新增,如下: ![](https://i-blog.csdnimg.cn/direct/9e7d12d96cea4ec093b3d563785d5177.png) 选择data table,如下: ![](https://i-blog.csdnimg.cn/direct/97b4b05138424dba911bf8e94e06f610.png) 选择日志,如下: ![](https://i-blog.csdnimg.cn/direct/8568c977baab408e900b28db9149581b.png) 选择统计count,聚合terms,字段:remote_addr 排序5个,点击向右箭头,如下: ![](https://i-blog.csdnimg.cn/direct/6b57daa45b6247a08257b4492bc8eb47.png) 点击save,如下: ![](https://i-blog.csdnimg.cn/direct/463b3b27f1234b7a940316dd5bea163f.png) 起名,并save后,如下: ![](https://i-blog.csdnimg.cn/direct/4e54acef35b44c308b0f6521069d7028.png) 7)将刚才创建的可视化图表放到仪表盘中: 创建仪表盘: 点击:dashboard,如下: ![](https://i-blog.csdnimg.cn/direct/814c3bb37e364ff1b1362bfabe7d79b0.png) 点击create a dashboard,如下: ![](https://i-blog.csdnimg.cn/direct/4f8ece1c27aa4329bdaddf688e29a1ed.png) 点击add,如下: ![](https://i-blog.csdnimg.cn/direct/d2c92df9844e4119a9855e2aeeed093b.png) 依次点击各个可视化图表即可添加到仪表盘,添加后如下: ![](https://i-blog.csdnimg.cn/direct/84d32de2df944b35b126b989577cdffd.png) 点击save,如下: ![](https://i-blog.csdnimg.cn/direct/8433c6658dc6472e8ba2c02071268e26.png) 起名并保存,添加完后,如下: ![](https://i-blog.csdnimg.cn/direct/f823a091ab834ec0b9bbe4e5b9cb23ce.png) ![](https://i-blog.csdnimg.cn/direct/22e5a2322775453fab69982433a2149f.png) 如果对运维课程感兴趣,可以在b站上、A站或csdn上搜索我的账号: 运维实战课程,可以关注我,学习更多免费的运维实战技术视频
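What the dashboard panels compute, as an added example that is not part of the original tutorial: the script derives PV, UV, top URLs, status codes and top client IPs directly from raw events, which is useful for cross-checking the Kibana numbers. The sample events, the one-minute bucket and the function names are constructed for illustration; only the field names `@timestamp`, `remote_addr`, `request_uri` and `status` come from the steps above.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

FIELDS = ("@timestamp", "remote_addr", "request_uri", "status")

# Constructed sample events (one JSON document per line); the last line is
# deliberately not JSON, as a truncated or badly escaped log line would be.
SAMPLE = """\
{"@timestamp":"2019-03-01T00:00:05.000Z","remote_addr":"192.168.171.1","request_uri":"/","status":"200"}
{"@timestamp":"2019-03-01T00:00:41.000Z","remote_addr":"192.168.171.1","request_uri":"/","status":"304"}
{"@timestamp":"2019-03-01T00:00:59.000Z","remote_addr":"192.168.171.129","request_uri":"/admin","status":"404"}
{"@timestamp":"2019-03-01T00:01:10.000Z","remote_addr":"192.168.171.129","request_uri":"/admin","status":"404"}
{"@timestamp":"2019-03-01T00:01:30.000Z","remote_addr":"192.168.171.131","request_uri":"/","status":"200"}
GET / HTTP/1.1 (truncated line, not JSON)
"""

def parse(text):
    """Yield JSON objects that carry all dashboard fields; skip anything else."""
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue
        if isinstance(ev, dict) and all(k in ev for k in FIELDS):
            yield ev

def dashboard(text, top=5):
    pv = Counter()          # PV panel: Count per time bucket (1 minute here)
    uv = defaultdict(set)   # UV panel: Unique Count of remote_addr per bucket
    uri, status, ip = Counter(), Counter(), Counter()  # data tables: Terms + Count
    for ev in parse(text):
        ts = datetime.fromisoformat(ev["@timestamp"].replace("Z", "+00:00"))
        bucket = ts.strftime("%Y-%m-%d %H:%M")
        pv[bucket] += 1
        uv[bucket].add(ev["remote_addr"])
        uri[ev["request_uri"]] += 1
        status[str(ev["status"])] += 1
        ip[ev["remote_addr"]] += 1
    return {
        "pv": dict(pv),
        "uv": {b: len(s) for b, s in uv.items()},
        "top_uri": uri.most_common(top),
        "status": status.most_common(top),
        "top_ip": ip.most_common(top),
    }

if __name__ == "__main__":
    for panel, rows in dashboard(SAMPLE).items():
        print(panel, rows)
```

In the constructed sample, the 404 rows in the status table and the `/admin` row in the URL table both trace back to one client address, which is the kind of correlation the status and IP tables make visible.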
