From add5f1319035bb8febd3f036b45f8abc4f300540 Mon Sep 17 00:00:00 2001
From: diandian <xingdianvip@gmail.com>
Date: Mon, 3 Jun 2024 17:08:08 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E8=87=B3?=
 =?UTF-8?q?=20'MD=5FNEW'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 MD_NEW/日志中心集群.md | 88 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git a/MD_NEW/日志中心集群.md b/MD_NEW/日志中心集群.md
index c2fa3f0..9c65b8a 100644
--- a/MD_NEW/日志中心集群.md
+++ b/MD_NEW/日志中心集群.md
@@ -317,11 +317,99 @@ huanqiu
 hahaha
 ```
 
+采集单个文件
 
+```json
+[root@logstash ~]# cat /opt/nginx_access_logstash.conf 
+input{
+        file {
+                path => "/var/log/nginx/access_json.log"
+                start_position => "beginning"
+        }
+}
 
+output{
 
+        elasticsearch {
+                hosts => ["10.9.12.86:9200"]
+                index => "nginx-access-json-%{+YYYY.MM.dd}"
+        }
 
+}
+```
 
+采集多个文件
 
+```json
+[root@logstash ~]# cat /opt/files.conf 
+input {
+    file {
+      path => "/var/log/messages"
+      type => "system"
+      start_position => "beginning"
+    }
+}
+input {
+    file {
+       path => "/var/log/yum.log"
+       type => "safeware"
+       start_position => "beginning"
+    }
+}
+output {
 
+    if [type] == "system"{
+        elasticsearch {
+           hosts => ["10.9.12.86:9200"]
+           index => "system-%{+YYYY.MM.dd}"
+        }
+    }
+    if [type] == "safeware"{
+            elasticsearch {
+               hosts => ["10.9.12.86:9200"]
+               index => "safeware-%{+YYYY.MM.dd}"
+            }
+        }
+}
+```
 
+#### 4.定义nginx的日志格式并采集
+
+Nginx配置文件修改
+
+```
+    log_format  json '{"@timestamp":"$time_iso8601",'
+                           '"@version":"1",'
+                           '"client":"$remote_addr",'
+                           '"url":"$uri",'
+                           '"status":"$status",'
+                           '"domain":"$host",'
+                           '"host":"$server_addr",'
+                           '"size":$body_bytes_sent,'
+                           '"responsetime":$request_time,'
+                           '"referer": "$http_referer",'
+                           '"ua": "$http_user_agent"'
+               '}';
+     
+     
+     access_log  /var/log/nginx/access_json.log  json;   
+```
+
+定义采集配置文件
+
+```json
+input {
+   file {
+      path => "/var/log/nginx/access_json.log"
+      start_position => "beginning"
+   }
+}
+output {
+    elasticsearch {
+           hosts => ["192.168.122.118:9200"]
+           index => "nginx1-%{+YYYY.MM.dd}"
+    }
+}
+```
+
+ES查看索引，Kibana展示数据
\ No newline at end of file