1)配置
[root@web01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enable: true
paths:
- /var/log/nginx/access.log
json.keys_under_root: true
json.overwrite_keys: true
output.redis:
hosts: ["172.16.1.51"]
port: "6379"
key: "nginx_access"
db: 0
2)查看redis
#访问Nginx页面后,查看redis是否有数据
127.0.0.1:6379> keys *
1) "nginx_access"
127.0.0.1:6379> TYPE nginx_access
list
127.0.0.1:6379> LLEN nginx_access
(integer) 8
127.0.0.1:6379> LRANGE nginx_access 0 -1
3)6.使用logstash将redis数据取出到ES
[root@web01 conf.d]# vim redis_to_es.conf
input {
redis {
host => "172.16.1.51"
port => "6379"
db => "0"
data_type => "list"
key => "nginx_access"
}
}
output {
elasticsearch {
hosts => ["10.0.0.51:9200"]
index => "nginx_access_%{+YYYY-MM-dd}"
}
}