Ubuntu服务器 ELK搭建及测试排查

前端之家收集整理的这篇文章主要介绍了Ubuntu服务器 ELK搭建及测试排查前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。


filebeat 配置文件

root@Product3:/etc/filebeat#catfilebeat.yml
filebeat.prospectors:
-type:log
enabled:true
paths:
-/var/www/bigbear_server/shared/log/ms.log
fields:
log_tpics:server
-type:log
enabled:true
paths:
-/var/www/bigbear_sidekiq/shared/log/ms.log
fields:
log_tpics:sidekiq
-type:log
enables:true
paths:
-/application/Nginx/logs/access810*.log
fields:
log_tpics:Nginx
output.logstash:
hosts:["x.x.x.x:5044"]

Logstash配置文件

root@Product4:/application/logstash-6.2.4/bin#cat../config/02-beats-input.conf
input{
beats{
#host=>"x.x.x.x"
codec=>plain{charset=>"UTF-8"}
port=>5044
#ssl=>true
#ssl_certificate=>"/etc/pki/tls/certs/logstash-forwarder.crt"
#ssl_key=>"/etc/pki/tls/private/logstash-forwarder.key"
}
}
output{
elasticsearch{
codec=>plain{charset=>"UTF-8"}
hosts=>"http://localhost:9200"
#sniffing=>true
manage_template=>false
index=>"%{[fields][log_topics]}--%{+YYYY.MM.dd}"
document_type=>"%{[@Metadata][type]}"
}
}

查看logstash的打开文件数和描述

root@Product4:/application/logstash-6.2.4/bin#curl-XGET'localhost:9600/_node/stats/process?pretty'
{
"host":"Product4","version":"6.2.4","http_address":"127.0.0.1:9600","id":"6e6fc083-b27e-4227-8dd4-dec6bcc5ff4d","name":"Product4","process":{
"open_file_descriptors":146,"peak_open_file_descriptors":147,"max_file_descriptors":65536,"mem":{
"total_virtual_in_bytes":14873796608
},"cpu":{
"total_in_millis":134210,"percent":0,"load_average":{
"1m":0.79,"5m":0.77,"15m":0.48
}
}
}
}

注意“open_file_descriptors”和“peak_open_file_descriptors”,我们看到那些超过1000(当它们通常在100和500之间时)。当该措施达到四位或五位数时,logstash正在降低(或已经下降)

当上述计数器位于5位时,“lsof -p LogstashPID | wc -l”命令仍会返回一个更小的数字(小于400)。

例如,在上面的例子中,logstash在达到10000的时候已经下降了。(Prob更早)

但我还不知道从这里做什么。

这显然是一个logstash错误,但没有人弹性似乎关心。

猜你在找的Ubuntu相关文章