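elasticsearch - Visualizing Nginx logs in Grafana using ELK
Problem description
I have an Elasticsearch installation that collects nginx logs, which I need to visualize in Grafana in the following ways:
- Top browsers that accessed a particular URL. Let's assume index.html
- The number of opens of some web page, assuming the same IP and user agent count as one
The structure of the data stored in Elasticsearch is similar to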
{
  "_index" : "redacted",
  "_type" : "_doc",
  "_id" : "redacted",
  "_score" : 0.9736392,
  "_source" : {
    "upstream_status" : "302",
    "@timestamp" : "2019-11-26T03:02:08.754Z",
    "http_referer" : "-",
    "ecs" : { },
    "body_bytes_sent" : "0",
    "host" : { },
    "time_local" : "26/Nov/2019:03:02:08 +0000",
    "the_real_ip" : "redacted",
    "message" : "redacted - [redacted] - - [26/Nov/2019:03:02:08 +0000] \"GET / HTTP/2.0\" 302 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36\" 220 0.005 [production-webadmin-80] redacted:8080 0 0.004 302 979897183c421507eaea8346eeb5904c",
    "proxy_upstream_name" : "production-webadmin-80",
    "remote_user" : "-",
    "service" : "ingress-nginx.ingress-nginx-internal",
    "request_time" : "0.005",
    "upstream_response_time" : "0.004",
    "tags" : [
      "_geoip_lookup_failure"
    ],
    "upstream_addr" : "redacted:8080",
    "user_agent" : {
      "device" : "Other",
      "patch" : "3865",
      "os_major" : "10",
      "build" : "",
      "minor" : "0",
      "name" : "Chrome",
      "major" : "77",
      "os" : "Mac OS X",
      "os_name" : "Mac OS X",
      "os_minor" : "14"
    },
    "geoip" : { },
    "kubernetes" : {
      "pod" : {
        "name" : "redacted-internal-76dd64fb5f-stj99"
      },
      "container" : {
        "name" : "redacted"
      },
      "labels" : {
        "app" : "ingress-nginx-internal",
        "appId" : "ingress-nginx"
      },
      "namespace" : "ingress-nginx",
      "replicaset" : {
        "name" : "redacted-internal-76dd64fb5f"
      },
      "node" : {
        "name" : "redacted-20190904071-128f9703-gnvr"
      }
    },
    "request" : "GET / HTTP/2.0",
    "http_user_agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36",
    "stream" : "stdout",
    "request_length" : "220",
    "upstream_response_length" : "0",
    "status" : "302",
    "input" : { }
  }
}
Now I have no idea how to do this using Grafana. The one thing I was able to get working is a query like this
request : index.html AND status : 200
Can anyone help?
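The two counts asked for above map onto an Elasticsearch terms aggregation and a cardinality aggregation. The following is an added example, not part of the original post: it builds such a `_search` body and checks the intended semantics against constructed records. The `.keyword` sub-fields (default dynamic mapping) and all function names are assumptions.

```python
from collections import Counter

def build_search_body(path, status="200"):
    """Elasticsearch _search body answering both questions in one request."""
    # Reject characters that would let the value escape its quoted phrase.
    if any(c in path for c in '"\\') or not str(status).isdigit():
        raise ValueError("unsupported character in path or status")
    return {
        "size": 0,
        "query": {"query_string": {"query": f'request:"{path}" AND status:{status}'}},
        "aggs": {
            # Top browsers: bucket on the parsed user_agent.name field.
            # Assumption: string fields have a ".keyword" sub-field.
            "top_browsers": {"terms": {"field": "user_agent.name.keyword", "size": 10}},
            # Opens: count each (ip, user agent) pair once.
            "unique_opens": {"cardinality": {"script": {"lang": "painless", "source":
                "doc['the_real_ip.keyword'].value + '|' + doc['http_user_agent.keyword'].value"}}},
        },
    }

def _hits(docs, path, status):
    # Local stand-in for the query: substring match on request, exact status.
    return [d for d in docs if path in d["request"] and d["status"] == status]

def top_browsers(docs, path, status="200"):
    """Exact local equivalent of the terms aggregation, for checking results."""
    return Counter(d["user_agent"]["name"] for d in _hits(docs, path, status)).most_common()

def unique_opens(docs, path, status="200"):
    """Exact local equivalent of the cardinality aggregation."""
    return len({(d["the_real_ip"], d["http_user_agent"]) for d in _hits(docs, path, status)})

def _doc(ip, browser, request, status):
    # Constructed sample record holding only the _source fields used here.
    return {"the_real_ip": ip, "http_user_agent": f"{browser}/1.0 (constructed)",
            "user_agent": {"name": browser}, "request": request, "status": status}

# Constructed sample data (documentation-range IPs), not taken from the page.
SAMPLE = [
    _doc("192.0.2.10", "Chrome", "GET /index.html HTTP/2.0", "200"),
    _doc("192.0.2.10", "Chrome", "GET /index.html HTTP/2.0", "200"),  # repeat visitor
    _doc("192.0.2.11", "Firefox", "GET /index.html HTTP/1.1", "200"),
    _doc("192.0.2.12", "Chrome", "GET /index.html HTTP/2.0", "200"),
    _doc("192.0.2.12", "Chrome", "GET / HTTP/2.0", "302"),  # filtered out by the query
]

if __name__ == "__main__":
    print(top_browsers(SAMPLE, "index.html"), unique_opens(SAMPLE, "index.html"))
```

The cardinality aggregation returns an approximate count, so on large indices its value can differ slightly from the exact local figure.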
Solution