前回の続き。次は、nginx→fluentd→elasticsearch→kibanaで可視化してみる。
Nginx
install
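# rpm --import https://nginx.org/keys/nginx_signing.key   # vendor key first, so rpm verifies the release package instead of only warning NOKEY
# rpm -ivh https://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# yum -y install nginx
# nginx -V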
nginx version: nginx/1.8.0
nginx.conf
- log_format を ltsv 形式にする
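# vi /etc/nginx/nginx.conf   # the file is nginx.conf (the page heading above has the right name)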
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# LTSV access log: one key:value pair per field, separated by the "\t" that
# starts each following string argument; nginx joins the arguments into a
# single format string.
# forwardedfor and ua come straight from client-supplied request headers
# (X-Forwarded-For, User-Agent) and are untrusted input in later analysis;
# nginx escapes quotes, backslashes and control characters in logged values
# as \xNN, so a header value cannot inject an extra tab-separated field.
# cache and runtime are upstream response headers and are empty ("-") when
# the request was not proxied.
log_format ltsv "time:$time_local"
"\thost:$remote_addr"
"\tforwardedfor:$http_x_forwarded_for"
"\treq:$request"
"\tstatus:$status"
"\tsize:$body_bytes_sent"
"\treferer:$http_referer"
"\tua:$http_user_agent"
"\treqtime:$request_time"
"\tcache:$upstream_http_x_cache"
"\truntime:$upstream_http_x_runtime"
"\tvhost:$host";
# This is the file td-agent tails below, so the format name must stay "ltsv".
access_log /var/log/nginx/access.log ltsv;
起動
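# chkconfig --add nginx
# chkconfig nginx on
# nginx -t   # syntax-check nginx.conf (the log_format edit above) before the first start
# /etc/init.d/nginx start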
td-agent
install
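# curl -fL -o install-redhat-td-agent2.sh https://toolbelt.treasuredata.com/sh/install-redhat-td-agent2.sh   # -f: an HTTP error page is not saved as the script
# less install-redhat-td-agent2.sh   # read what the installer does before it runs as root
# sh install-redhat-td-agent2.sh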
plugin
fluent-plugin-elasticsearch
td-agent-gem install fluent-plugin-elasticsearch   # no version given: installs whatever the newest gem is at run time; pin with -v once a working version is known
fluent-plugin-woothee
td-agent-gem install fluent-plugin-woothee   # unpinned as above; pin with -v for reproducible installs
td-agent.conf
# vi /etc/td-agent/td-agent.conf   # contents below; read when td-agent is started
## File input
# Tail the LTSV access log written by the nginx config above. pos_file keeps
# the read offset across restarts.
# NOTE(review): td-agent's user must be able to read access.log and write
# into /var/log/nginx (pos file and the merged log below) — confirm permissions.
<source>
type tail
format ltsv
path /var/log/nginx/access.log
pos_file /var/log/nginx/access.log.pos
tag access.nginx
# must match the "time:$time_local" field of the nginx log_format
time_key time
time_format %d/%b/%Y:%H:%M:%S %z
</source>
## Merged ua
# Parse the "ua" field (User-Agent, client-supplied) with woothee, merge the
# result into the record and re-emit it as merged.access.nginx.
<match access.nginx>
type woothee
key_name ua
add_prefix merged
merge_agent_info yes
</match>
## Multiple output
# copy sends every record to both stores below.
<match merged.access.nginx>
type copy
<store>
type elasticsearch
# With logstash_format the index is "<logstash_prefix>-YYYY.MM.DD", i.e. the
# service_name.access-* pattern used in Kibana; index_name is presumably
# ignored in that mode — verify against the installed plugin version.
index_name service_name
type_name access
include_tag_key true
tag_key @log_name
# Plain HTTP to a local Elasticsearch: nothing here authenticates or
# encrypts the connection, so keep Elasticsearch listening on loopback only.
host 127.0.0.1
port 9200
logstash_format true
logstash_prefix service_name.access
flush_interval 3s
</store>
<store>
# Second copy on disk: one file per day, flushed 10 minutes after the day
# closes, gzipped.
type file
path /var/log/nginx/merged.access.nginx.log
time_slice_format %Y%m%d
time_slice_wait 10m
time_format %Y%m%dT%H%M%S%z
compress gzip
</store>
</match>
起動
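# chkconfig --add td-agent
# chkconfig td-agent on
# td-agent --dry-run -c /etc/td-agent/td-agent.conf   # parse the config without launching, before the first start
# /etc/init.d/td-agent start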
kibana
- Kibana の index pattern には、logstash_prefix に指定した「service_name.access-*」を設定する
- 設定まわりはここらへんと同じ