前提:已配置好Redis集群,並設置的有統一的訪問密碼
架構是filebeat-->redis集群-->logstash->elasticsearch,需要修改filebeat的輸出和logstash的輸入值
filebeat地址:192.168.80.108
redis集群地址:192.168.80.107 ,采用的是偽集群的方式
1 filebeat配置
filebeat.inputs:
- type: log
enabled: true
paths:
- /usr/local/openresty/nginx/logs/host.access.log
fields:
log_source: messages
- type: log
enabled: true
paths:
- /usr/local/openresty/nginx/logs/error.log
fields:
log_source: secure
output.redis:
# Redis集群地址列表
hosts: ["192.168.80.107:7001","192.168.80.107:7002","192.168.80.107:7003","192.168.80.107:7004","192.168.80.107:7005","192.168.80.107:7006","192.168.80.107:7007","192.168.80.107:7008"]
# Redis集群key
key: messages_secure
password: foobar2000
# 集群模式下只能用第0數據庫,填寫其他的會報錯
db: 0
2 redis端查看數據
登錄:
# -h是地址,-p是端口,-c表示集群,-a是密碼
/elk/redis/redis-4.0.1/src/redis-cli -h 192.168.80.107 -c -p 7001 -a foobar2000
查看:
redis 127.0.0.1:7000[0]> keys * # 出現這個key了 說明fielebeat的數據已經傳輸到redis集群中了
1) "messages_secure"
redis 127.0.0.1:7000[0]> llen emessages_secure ##查看list長度
(integer) 2002
redis 127.0.0.1:7000[0]> lindex messages_secure 0 #查看相關數據
或者使用redis客戶端RedisDesktopManager使用
發現一個問題,Redis集群中出現倆messages_secure,且存儲的數據一模一樣,這個問題還有待繼續研究..
3 logstash配置
input {
redis {
host => "192.168.80.107"
port => 7001
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7002
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7003
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7004
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7005
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7006
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7007
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
host => "192.168.80.107"
port => 7008
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
redis {
batch_count => 1
host => "192.168.80.107"
port => 7001
password => foobar2000
data_type => "list"
key => "messages_secure"
db => 0
}
}
# 輸出到elasticsearch中,根據不同的日志來源創建不同的索引
output {
if [fields][log_source] == 'messages' {
elasticsearch {
hosts => ["http://192.168.80.104:9200", "http://192.168.80.105:9200","http://192.168.80.106:9200"]
index => "messages-%{+YYYY.MM.dd}"
user => "elastic"
password => "elkstack123456"
}
}
if [fields][log_source] == "secure" {
elasticsearch {
hosts => ["http://192.168.80.104:9200", "http://192.168.80.105:9200","http://192.168.80.106:9200"]
index => "secure-%{+YYYY.MM.dd}"
user => "elastic"
password => "elkstack123456"
}
}
}
說明:
input的redis中,host默認是string,不能填寫列表,所以需要把所有集群的地址都寫上,
若是只寫其中一個Redis集群節點的地址,,則會出現如下提示,同時logstash也無法從Redis集群中拉取數據
Redis connection problem {:exception=>#<Redis::CommandError: CROSSSLOT Keys in request don't hash to the same slot>}
Redis connection problem {:exception=>#<Redis::CommandError: MOVED 7928 192.168.80.107:7002>}
但是若把所有集群的地址都寫上,雖然也會出現上述的倆提示,但是logstash能從Redis集群中拉取數據
4 問題
延伸的問題:因為Redis集群中存儲倆messages_secure,導致logstash從Redis集群中拉取的數據是會有倆一模一樣的,進而傳輸給Elasticsearch的數據
也是有重復的,在kibana上查看,每個記錄均有兩條
出現這個問題是因為filebeat存儲到Redis集群的數據重復,有待上面問題的解決。
5 官方相關文檔
host參數的值是string,不支持列表
Redis input pluginedit
- Plugin version: v3.1.4
- Released on: 2017-08-16
- Changelog
For other versions, see the Versioned plugin docs.
Getting Helpedit
For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
Descriptionedit
This input will read events from a Redis instance; it supports both Redis channels and lists. The list command (BLPOP) used by Logstash is supported in Redis v1.3.1+, and the channel commands used by Logstash are found in Redis v1.3.8+. While you may be able to make these Redis versions work, the best performance and stability will be found in more recent stable versions. Versions 2.6.0+ are recommended.
For more information about Redis, see http://redis.io/
batch_count note: If you use the batch_count setting, you must use a Redis version 2.6.0 or newer. Anything older does not support the operations used by batching.
Redis Input Configuration Optionsedit
This plugin supports the following configuration options plus the Common Options described later.
| Setting | Input type | Required |
|---|---|---|
batch_count |
number | No |
data_type |
string, one of ["list", "channel", "pattern_channel"] |
Yes |
db |
number | No |
host |
string | No |
key |
string | Yes |
password |
password | No |
port |
number | No |
threads |
number | No |
timeout |
number | No |
Also see Common Options for a list of options supported by all input plugins.
batch_countedit
- Value type is number
- Default value is
125
The number of events to return from Redis using EVAL.
data_typeedit
- This is a required setting.
- Value can be any of:
list,channel,pattern_channel - There is no default value for this setting.
Specify either list or channel. If data_type is list, then we will BLPOP the key. If data_type is channel, then we will SUBSCRIBE to the key. If data_type is pattern_channel, then we will PSUBSCRIBE to the key.
dbedit
- Value type is number
- Default value is
0
The Redis database number.
hostedit
- Value type is string
- Default value is
"127.0.0.1"
The hostname of your Redis server.
keyedit
- This is a required setting.
- Value type is string
- There is no default value for this setting.
The name of a Redis list or channel.
passwordedit
- Value type is password
- There is no default value for this setting.
Password to authenticate with. There is no authentication by default.
portedit
- Value type is number
- Default value is
6379
The port to connect on.
ssledit
- Value type is boolean
- Default value is
false
Enable SSL support.
threadsedit
- Value type is number
- Default value is
1
timeoutedit
- Value type is number
- Default value is
5
Initial connection timeout in seconds.
Common Optionsedit
The following configuration options are supported by all input plugins:
| Setting | Input type | Required |
|---|---|---|
add_field |
hash | No |
codec |
codec | No |
enable_metric |
boolean | No |
id |
string | No |
tags |
array | No |
type |
string | No |
Detailsedit
add_fieldedit
- Value type is hash
- Default value is
{}
Add a field to an event
codecedit
- Value type is codec
- Default value is
"plain"
The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.
enable_metricedit
- Value type is boolean
- Default value is
true
Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
idedit
- Value type is string
- There is no default value for this setting.
Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type, for example, if you have 2 redis inputs. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
input {
redis {
id => "my_plugin_id"
}
}
tagsedit
- Value type is array
- There is no default value for this setting.
Add any number of arbitrary tags to your event.
This can help with processing later.
typeedit
- Value type is string
- There is no default value for this setting.
Add a type field to all events handled by this input.
Types are used mainly for filter activation.
The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.
If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.