
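About the path where elasticsearch stores another machine's access log (thanks to raytracy for helping solve this)

I collect the access log with logstash, and wrote a script to send it to elasticsearch:9200.

The script is as follows: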

input {
  file {
    path => "/var/log/nginx/h5-api-access.log"
    start_position => "beginning"
    type => "syslog"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => [ "message" , "%{HOSTNAME:http_host} %{COMBINEDAPACHELOG} %{DATA:rawrequest} \"(?<x_forwarded_for>%{IP:true_clientip},*.*)\""]
      overwrite => [ "message" ]
    }

    mutate {
      convert => ["response", "integer"]
      convert => ["bytes", "integer"]
      convert => ["responsetime", "float"]
      rename => { "clientip" => "reverse-ip" }
      rename => { "rawrequest" => "request_body" }
      split  => { "x_forwarded_for" => ", " }
    }

    geoip {
      source => "true_clientip"
      target => "geoip"
      add_tag => [ "nginx-geoip" ]
    }

    date {
      match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
      timezone => "Etc/GMT-8"
      remove_field => [ "timestamp" ]
    }

    useragent {
      source => "agent"
    }
  }
}

output {
#  if [type] == "syslog" {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["172.16.16.86:9200"]
    index => "nginx-dog-%{+YYYY.MM.dd}"
#  }
  }
}

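As you can see, 172.16.16.86:9200 is my elasticsearch server,
and I can view my log analysis through elasticsearch-head:
https://ithelp.ithome.com.tw/upload/images/20190620/20114520e8PiWYdzwh.png

However, I am also curious where on the elasticsearch server the access log I send over is stored.
I have Googled it and there does not seem to be any relevant information, and searching the likely paths did not turn up any clues either.

Is something wrong somewhere?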

1 answer

raytracy
iT邦大神 level 1 ‧ 2019-06-21 02:28:40
Best answer

Please look in your YAML file; the setting can be found there:
Configuring Elasticsearch

so u ka!
https://ithelp.ithome.com.tw/upload/images/20190621/20114520I6X5hFB9EU.png

Since there is no path entry, I am now starting to look into what elasticsearch's storage mechanism is (Googling).

https://blog.csdn.net/qq_36381640/article/details/82794310

I am currently referring to this material, although I still only half understand it.
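The thread points at the YAML file but the follow-up finds no path entry in it. As an added example (not part of the original thread), this shell helper resolves the data directory from elasticsearch.yml, falling back to the data directory under the install root when path.data is not set. The function name es_data_path, the install root /opt/elasticsearch and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the Elasticsearch data directory from elasticsearch.yml.
# es_data_path is a hypothetical helper; the ES_HOME argument is an assumed install root.

# Usage: es_data_path <elasticsearch.yml> <ES_HOME>
es_data_path() {
  yml=$1
  es_home=$2
  found=
  if [ -r "$yml" ]; then
    found=$(awk '
      /^[ \t]*#/      { next }                  # ignore commented-out settings
      /^path\.data:/  { sub(/^path\.data:[ \t]*/, ""); print; exit }  # flat form
      /^path:[ \t]*$/ { in_path = 1; next }     # nested form: "path:" then "  data:"
      in_path && /^[ \t]+data:/ { sub(/^[ \t]+data:[ \t]*/, ""); print; exit }
      /^[^ \t]/       { in_path = 0 }           # another top-level key ends the block
    ' "$yml" |
      sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
          -e 's/^["'\'']//' -e 's/["'\'']$//')
  fi
  # With no explicit setting, Elasticsearch uses the data directory under ES_HOME.
  if [ -n "$found" ]; then
    printf '%s\n' "$found"
  else
    printf '%s\n' "$es_home/data"
  fi
}

# Constructed sample: a config with path.data left commented out,
# which is the situation described in the follow-up comment.
demo=$(mktemp -d)
cat > "$demo/elasticsearch.yml" <<'EOF'
cluster.name: nginx-logs
#path.data: /path/to/data
#path.logs: /path/to/logs
network.host: 172.16.16.86
EOF
data_dir=$(es_data_path "$demo/elasticsearch.yml" /opt/elasticsearch)
# The shipped events are not kept as a log file; they live as Lucene index files here.
echo "index data directory: $data_dir"
# On a running node, GET /_nodes/stats/fs reports the same location in fs.data[].path.
rm -rf "$demo"
```
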
