安装Redis

  1. yum install -y redis

配置Redis

  1. vim /etc/redis.conf
  2. bind 127.0.0.1 10.0.0.100
  3. port 6379

修改Filebeat配置

  1. vim /etc/filebeat/filebeat.yml
  2. filebeat.inputs:
  3. - type: log
  4.   enabled: true
  5.   paths:
  6.     - /var/log/nginx/access.log
  7.   json.keys_under_root: true
  8.   json.overwrite_keys: true
  9.   tags: ["access"]
  11. - type: log
  12.   enabled: true
  13.   paths:
  14.     - /var/log/nginx/error.log
  15.   tags: ["error"]
  17. output.redis:
  18.   hosts: ["10.0.0.100"]
  19.   keys:
  20.     - key: "nginx_access"
  21.       when.contains:
  22.         tags: "access"
  23.     - key: "nginx_error"
  24.       when.contains:
  25.         tags: "error"

修改Logstash配置

  1. vim /etc/logstash/conf.d/redis_nginx.conf
  2. input {
  3.   redis {
  4.     host => "10.0.0.100"
  5.     port => "6379"
  6.     db => "0"
  7.     key => "nginx_access"
  8.     data_type => "list"
  9.   }
  10.   redis {
  11.     host => "10.0.0.100"
  12.     port => "6379"
  13.     db => "0"
  14.     key => "nginx_error"
  15.     data_type => "list"
  16.   }
  17. }
  19. filter {
  20.   mutate {
  21.     convert => ["upstream_time", "float"]
  22.     convert => ["request_time", "float"]
  23.   }
  24. }
  26. output {
  27.    stdout {}
  28.    if "access" in [tags] {
  29.       elasticsearch {
  30.         hosts => "http://10.0.0.100:9200"
  31.         manage_template => false
  32.         index => "nginx_access-%{+yyyy.MM.dd}"
  33.       }
  34.     }
  35.     if "error" in [tags] {
  36.       elasticsearch {
  37.         hosts => "http://10.0.0.100:9200"
  38.         manage_template => false
  39.         index => "nginx_error-%{+yyyy.MM.dd}"
  40.       }
  41.     }
  42. }