容器日志样例

172.101.32.1 - - [03/Jun/2019:17:14:10 +0800] "POST /ajaxVideoQueues!queryAllUser.action?rnd=1559553110429 HTTP/1.0" 200 65 "http://www.wsjy.gszq.com:81/sysNotice!sysList.action" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" "192.168.200.252"

ELK配置

日志处理pipeline

# 注意 \\[ ,中括号前的两个转义反斜杠

[root@elk100 pipe]# cat nginx_pipeline.json

{

    "description": "Nginx log pipeline",

    "processors": [

        {

           "grok" :{

                "field": "message",

                "patterns" : ["%{IP:clientip} - - \\[%{HTTPDATE:timestamp}\\] \"%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) \"(?:%{URI:referrer}|-)\" %{QS:agent} %{QS:xforwardedfor}]

            }

        },

        {

            "date": {

            "field": "timestamp",

            "formats": ["dd/MMM/YYYY:HH:mm:ss Z"]

            }

        }

    ],

    "on_failure" : [{

      "set" : {

        "field" : "error.message",

        "value" : "{{ _ingest.on_failure_message }}"

      }

    }]

}

[root@elk100 pipe]# curl -H 'Content-Type: application/json' -XPUT 'http://10.101.70.100:9200/_ingest/pipeline/nginx_pipeline' -d@nginx_pipeline.json

{"acknowledged":true}

模板配置

在Kibana的 Dev Tools中执行

PUT _template/nginx_log

{

  "index_patterns": "nginx_log*",

    "settings": {

      "refresh_interval": "5s",

      "number_of_shards": 1

    },

    "mappings": {

      "_doc": {

        "properties": {

          "id": {"type": "integer"},

          "clientip": {"type": "ip"},

          "timestamp": {"type": "date",

            "format": "dd/MMM/yyyy:HH:mm:ss Z"

          },

          "method": {"type": "keyword"},

          "request": {"type": "text"},

          "httpversion": {"type": "integer"},

          "response": {"type": "integer"},

          "bytes": {"type": "integer"},

          "referrer": {"type": "text"},

          "xforwardedfor": {"type": "text"}

        }

      }

    },

    "aliases": {}

  }

}

k8s容器编排文件

采用每个POD应用启动一个 filebeat 容器来收集应用日志的方案。

fiebeat 镜像下载: https://cloud.docker.com/u/bugbeta/repository/list

[root@node1 filebeat]# cat filebeat-test.yaml

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: filebeat-test

  namespace: default

spec:

  replicas: 1

  template:

    metadata:

      labels:

        k8s-app: filebeat-test

    spec:

      containers:

      - image: bugbeta/filebeat:6.8.0

        name: filebeat

        volumeMounts:

        - name: app-logs

          mountPath: /log

        - name: filebeat-config

          mountPath: /etc/filebeat/

      - image: nginx:1.7.9

        name : app

        ports:

        - containerPort: 80

        volumeMounts:

        - name: app-logs

          mountPath: /var/log/nginx

      volumes:

      - name: app-logs

        emptyDir: {}

      - name: filebeat-config

        configMap:

          name: filebeat-config

      nodeSelector:

        name: "node1"

---

apiVersion: v1

kind: Service

metadata:

  name: filebeat-test

  labels:

    app: filebeat-test

spec:

  type: NodePort

  ports:

  - port: 80

    nodePort: 30085

    protocol: TCP

    name: http

  selector:

    k8s-app: filebeat-test

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: filebeat-config

data:

  filebeat.yml: |

    filebeat.prospectors:

    - type: log

      paths:

        - "/log/*"

    setup.template.name: "nginx_log"

    setup.template.pattern: "nginx_log*" 

    output.elasticsearch:

      hosts: ["10.101.70.100:9200"]

      index: "nginx_log"

      pipeline: "nginx_pipeline"

最新文章

  1. Linux-awk直接修改原文件
  2. php namespace用法
  3. poj1981Circle and Points(单位圆覆盖最多的点)
  4. Python 网页投票信息抓取
  5. C++模板知识小结
  6. C#获取显示器宽度高度,桌面宽度高度等
  7. 【开发手记一】老生常谈:简简单单配置ZED板开发环境
  8. Intel CPU命名规则的简略解析
  9. python学习笔记(十 一)、GUI图形用户界面
  10. python小白——进阶之路——day2天-———变量的缓存机制+自动类型转换
  11. python全栈开发day80--评论楼、评论树
  12. 使用python3.6和django1.9的xadmin 遇到坑,__unicode__()和__str__()
  13. OLAP和OLTP的区别(基础知识) 【转】
  14. tomcat jsp页面乱码解决
  15. 【重要】攻击动作时间段判断~使用动画time比较动画length和使用一个变量数组做延迟
  16. WebDriverAPI(5)
  17. 易普优APS与国外知名高级计划排程系统对比
  18. Mongodb数据导出工具mongoexport和导入工具mongoimport使用
  19. Xilinx问题查找
  20. POJ 2318 TOYS(点与直线的关系 叉积&&二分)

热门文章

  1. Unity5.X 编辑器介绍
  2. css——overflow
  3. JS数据分组[JSON]
  4. hadoop中HDFS文件系统 nameNode出现的问题 nameNode无法打开
  5. 11g,12c Oracle Rac安装
  6. HDU 1211
  7. 使用excel进行数据挖掘(6)---- 预測
  8. LIVE555研究之五:RTPServer(二)
  9. 怎样在Nginxserver中启用Gzip压缩
  10. nova shelve 的使用