00000202
原始nginx配置
...
#log format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log on;
access_log logs/access.log main;
access_log "pipe:rollback logs/access_log interval=1d baknum=7 maxsize=2G" main;
...
# /etc/filebeat/filebeat.yml
[root@204-web filebeat]# cat filebeat.yml
# /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: filestream
id: nginx-access-204
enabled: true
paths:
- /home/deploy/nginx/logs/access_log
fields:
log_type: nginx_access
fields_under_root: true
- type: filestream
id: nginx-error-204
enabled: true
paths:
- /home/deploy/nginx/logs/nginx_error.log
fields:
log_type: nginx_error
fields_under_root: true
parsers:
- multiline:
pattern: '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
negate: false
match: after
# Nginx 模块配置 - 使用模块自带的解析功能
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: true
reload.period: 10s
# 使用可用的处理器进行补充处理
processors:
- add_host_metadata: {}
- add_cloud_metadata: {}
# Elasticsearch 输出
output.elasticsearch:
hosts: ["http://10.0.0.91:9200", "http://10.0.0.92:9200", "http://10.0.0.93:9200"]
##设置处理geoip的pipeline,如果这里不配置则需要在索引模版里面指定。
pipeline: "nginx-geoip"
indices:
- index: "filebeat-nginx-access-%{+yyyy.MM.dd}"
when.equals:
log_type: "nginx_access"
- index: "filebeat-nginx-error-%{+yyyy.MM.dd}"
when.equals:
log_type: "nginx_error"
# 索引模板设置
setup.template:
name: "filebeat-nginx"
pattern: "filebeat-nginx-*"
enabled: true
overwrite: false # 不覆盖默认模板
# Kibana 配置
setup.kibana:
host: "10.0.0.91:5601"
# 监控配置
monitoring:
enabled: false
elasticsearch:
hosts: ["http://10.0.0.91:9200", "http://10.0.0.92:9200", "http://10.0.0.93:9200"]
# 生命周期
setup.ilm:
enabled: false
# 日志配置
logging:
level: info
to_files: true
files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
# /etc/filebeat/modules.d/nginx.yml
[root@204-web modules.d]# cat nginx.yml
- module: nginx
access:
enabled: true
var.paths: ["/home/deploy/nginx/logs/access_log"]
input:
type: filestream
prospector.scanner:
check_interval: 10s
error:
enabled: true
var.paths: ["/home/deploy/nginx/logs/nginx_error.log"]
input:
type: filestream
prospector.scanner:
check_interval: 10
在 Filebeat 8.19.7 版本中,geoip处理器已经被移除,个人推荐使用logstash更灵活成熟。
注意:需要在filebeat配置中指定,如果不指定则不生效
# 1.设置es下载geoip,设置之后需要等待5-30分钟
curl -X PUT "http://10.0.0.91:9200/_cluster/settings" \
-H "Content-Type: application/json" \
-d '
{
"persistent": {
"ingest.geoip.downloader.enabled": true
}
}'
# 检查 GeoIP 相关设置
curl -X GET "http://10.0.0.91:9200/_cluster/settings?include_defaults=true&flat_settings=true&pretty" | grep -i geoip
# 2.创建pipeline
curl -X PUT "http://10.0.0.91:9200/_ingest/pipeline/nginx-geoip" \
-H "Content-Type: application/json" \
-d '
{
"description": "Nginx logs processing with GeoIP",
"processors": [
{
"grok": {
"field": "message",
"patterns": [
"%{IPORHOST:source.ip} - %{DATA:remote_user} \\[%{HTTPDATE:time_local}\\] \"%{WORD:http.method} %{DATA:http.path} HTTP/%{NUMBER:http.protocol}\" %{NUMBER:status:int} %{NUMBER:body_bytes_sent:long} \"%{DATA:http_referer}\" \"%{DATA:user_agent}\" %{GREEDYDATA:x_forwarded_for}"
],
"ignore_failure": true
}
},
{
"geoip": {
"field": "source.ip",
"target_field": "geoip", // ✅ 关键:改为 geoip,与模板一致
"database_file": "GeoLite2-City.mmdb",
"properties": ["country_name", "country_iso_code", "region_name", "city_name", "location"],
"ignore_missing": true
}
},
{
"user_agent": {
"field": "user_agent",
"target_field": "user_agent_obj",
"ignore_missing": true
}
},
{
"date": {
"field": "time_local",
"formats": ["dd/MMM/yyyy:HH:mm:ss Z"],
"timezone": "UTC",
"target_field": "@timestamp"
}
}
]
}'
# 3.验证
curl -X POST "http://10.0.0.91:9200/_ingest/pipeline/nginx-geoip/_simulate" \
-H "Content-Type: application/json" \
-d '
{
"docs": [
{
"_source": {
"message": "223.104.1.100 - - [30/Nov/2025:13:00:40 +0800] \"GET /test HTTP/1.1\" 200 1234 \"http://example.com\" \"Mozilla/5.0\" -"
}
}
]
}' | jq .
##出现以下信息说明成功
"source": {
"geo": {
"country_name": "United States",
"location": {
"lon": -97.822,
"lat": 37.751
},
"country_iso_code": "US"
},
#
# 手动创建索引模板
# 索引模板配置
curl -X PUT "http://10.0.0.91:9200/_index_template/filebeat-nginx" \
-H "Content-Type: application/json" \
-d '
{
"index_patterns": ["filebeat-nginx-*"],
"priority": 1,
"template": {
"settings": {
"index": {
"number_of_shards": 3,
"number_of_replicas": 1,
"codec": "best_compression",
"refresh_interval": "5s"
}
},
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
],
"properties": {
"@timestamp": { "type": "date" },
"source": {
"properties": {
"ip": { "type": "ip" }
}
},
"geoip": {
"properties": {
"location": { "type": "geo_point" },
"continent_name": { "type": "keyword" },
"country_name": { "type": "keyword" },
"country_iso_code": { "type": "keyword" },
"region_name": { "type": "keyword" },
"city_name": { "type": "keyword" }
}
},
"http": {
"properties": {
"method": { "type": "keyword" },
"path": { "type": "keyword" },
"protocol": { "type": "keyword" },
"response": {
"properties": {
"code": { "type": "integer" },
"bytes": { "type": "long" }
}
}
}
},
"user_agent": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"remote_addr": { "type": "ip" },
"status": { "type": "integer" },
"body_bytes_sent": { "type": "long" },
"time_local": {
"type": "date",
"format": "dd/MMM/yyyy:HH:mm:ss Z"
}
}
}
}
}'
# 手动创建索引模板
# 索引模板配置
curl -X PUT "http://10.0.0.91:9200/_index_template/filebeat-nginx" \
-H "Content-Type: application/json" \
-d '
{
"index_patterns": ["filebeat-nginx-*"],
"priority": 1,
"template": {
"settings": {
"index": {
"number_of_shards": 3,
"number_of_replicas": 1,
"codec": "best_compression",
"refresh_interval": "5s"
}
},
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
],
"properties": {
"@timestamp": { "type": "date" },
"source": {
"properties": {
"ip": { "type": "ip" }
}
},
"geoip": {
"properties": {
"location": { "type": "geo_point" },
"continent_name": { "type": "keyword" },
"country_name": { "type": "keyword" },
"country_iso_code": { "type": "keyword" },
"region_name": { "type": "keyword" },
"city_name": { "type": "keyword" }
}
},
"http": {
"properties": {
"method": { "type": "keyword" },
"path": { "type": "keyword" },
"protocol": { "type": "keyword" },
"response": {
"properties": {
"code": { "type": "integer" },
"bytes": { "type": "long" }
}
}
}
},
"user_agent": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"remote_addr": { "type": "ip" },
"status": { "type": "integer" },
"body_bytes_sent": { "type": "long" },
"time_local": {
"type": "date",
"format": "dd/MMM/yyyy:HH:mm:ss Z"
}
}
}
}
}'
导入:可能没有响应时间,自行删除或者修改就可以。如果指定ID和上面的dongshufeng冲突则全部替换成别的即可。
###把以下保存成filebeat-nginx.ndjson,然后导入就行,一共11行
{"attributes":{"allowHidden":false,"fieldAttrs":"{\"geoip.city_name\":{\"count\":1},\"geoip.country_iso_code\":{\"count\":3},\"geoip.country_name\":{\"count\":1},\"source.ip\":{\"count\":8},\"source.geo.country_iso_code\":{\"count\":2},\"source.geo.country_name\":{\"count\":2},\"source.geo.location.lat\":{\"count\":1},\"source.geo.location.lon\":{\"count\":2},\"source.geo.continent_name\":{\"count\":1},\"source.geo.country_name.keyword\":{\"count\":1},\"source.ip.keyword\":{\"count\":1},\"source.address.keyword\":{\"count\":1},\"related.ip\":{\"count\":1},\"geoip.region_name\":{\"count\":1}}","fieldFormatMap":"{}","fields":"[]","name":"filebeat-nginx-access","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"filebeat-nginx-*"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"dongshufeng","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-11-30T15:11:00.709Z","version":"WzYzMTgsNV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"请求量趋势","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"请求量趋势\",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 30 minutes\"},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"计数\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\",\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"fittingFunction\":\"linear\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"labels\":{}}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"8bac3341-0058-459f-bd93-199e7ab3e22a","managed":false,"references":[{"id":"dongshufeng","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-11-30T15:18:36.927Z","version":"WzYzNDMsNV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"响应时间趋势","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"响应时间趋势\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"params\":{\"field\":\"responsetime\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30s\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 30 minutes\"},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"responsetime平均值\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Average\"},\"type\":\"value\"}],\"legendSize\":\"auto\",\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"fittingFunction\":\"linear\",\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"34a9bffa-47b9-405c-ad92-bef0e84e6db2","managed":false,"references":[{"id":"dongshufeng","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-11-28T15:35:32.342Z","version":"WzYwMDYsMV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP状态码分布","uiStateJSON":"{\"vis\":{\"colors\":{\"200\":\"#7EB26D\",\"302\":\"#EF843C\",\"304\":\"#E24D42\",\"404\":\"#EAB839\",\"500\":\"#BF1B00\"}}}","version":1,"visState":"{\"title\":\"HTTP状态码分布\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"其他\",\"missingBucket\":false,\"missingBucketLabel\":\"缺失\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"distinctColors\":false,\"emptySizeRatio\":0.3,\"palette\":{\"type\":\"palette\",\"name\":\"default\"}}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"e20f226c-967c-4fac-88e7-6a291bc33a06","managed":false,"references":[{"id":"dongshufeng","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-11-30T15:14:09.547Z","version":"WzYzMjYsNV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"URI请求量Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"URI请求量Top 10\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"http.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"其他\",\"missingBucket\":false,\"missingBucketLabel\":\"缺失\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"计数\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":false,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"horizontal_bar\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\",\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":0,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"22dd8c36-6a7b-45d1-9cc0-259bd1edd2ce","managed":false,"references":[{"id":"dongshufeng","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-11-30T15:37:10.617Z","version":"WzY0MTcsNV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"客户端IP Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"客户端IP Top 10\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"其他\",\"missingBucket\":false,\"missingBucketLabel\":\"缺失\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"计数\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":false,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"horizontal_bar\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"legendSize\":\"auto\",\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":0,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"d1b7df73-eefb-438f-8e2f-1fbdb53b5b85","managed":false,"references":[{"id":"dongshufeng","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-11-30T15:19:03.649Z","version":"WzYzNDYsNV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"数据传输量统计","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"数据传输量统计\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"body_bytes_sent\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"avg\",\"params\":{\"field\":\"body_bytes_sent\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"body_bytes_sent\"},\"schema\":\"metric\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"60\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"6ce742f2-040a-4e30-9e15-2cb58b9ac9a1","managed":false,"references":[{"id":"dongshufeng","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-11-30T15:16:32.017Z","version":"WzYzMzYsNV0="}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"Nginx访问日志实时监控仪表板","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"panelRefName\":\"panel_43e4f20b-40e2-4cf6-bcad-72324f6b21bb\",\"embeddableConfig\":{\"savedObjectId\":\"8bac3341-0058-459f-bd93-199e7ab3e22a\"},\"panelIndex\":\"43e4f20b-40e2-4cf6-bcad-72324f6b21bb\",\"gridData\":{\"i\":\"43e4f20b-40e2-4cf6-bcad-72324f6b21bb\",\"y\":11,\"x\":0,\"w\":13,\"h\":8}},{\"type\":\"visualization\",\"panelRefName\":\"panel_a9516538-a7fe-4851-9742-a37d93e7a6be\",\"embeddableConfig\":{\"savedObjectId\":\"34a9bffa-47b9-405c-ad92-bef0e84e6db2\"},\"panelIndex\":\"a9516538-a7fe-4851-9742-a37d93e7a6be\",\"gridData\":{\"i\":\"a9516538-a7fe-4851-9742-a37d93e7a6be\",\"y\":11,\"x\":13,\"w\":10,\"h\":8}},{\"type\":\"visualization\",\"panelRefName\":\"panel_e98fb440-de3d-49ea-acca-9a6a73308787\",\"embeddableConfig\":{\"savedObjectId\":\"e20f226c-967c-4fac-88e7-6a291bc33a06\",\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"uiState\":{\"vis\":{\"colors\":{\"200\":\"#7EB26D\",\"302\":\"#EF843C\",\"304\":\"#E24D42\",\"404\":\"#EAB839\",\"500\":\"#BF1B00\"}}}},\"panelIndex\":\"e98fb440-de3d-49ea-acca-9a6a73308787\",\"gridData\":{\"i\":\"e98fb440-de3d-49ea-acca-9a6a73308787\",\"y\":11,\"x\":23,\"w\":10,\"h\":8}},{\"type\":\"visualization\",\"panelRefName\":\"panel_5209844f-6dda-43a1-8e04-3f13b5317709\",\"embeddableConfig\":{\"savedObjectId\":\"22dd8c36-6a7b-45d1-9cc0-259bd1edd2ce\"},\"panelIndex\":\"5209844f-6dda-43a1-8e04-3f13b5317709\",\"gridData\":{\"i\":\"5209844f-6dda-43a1-8e04-3f13b5317709\",\"y\":19,\"x\":0,\"w\":16,\"h\":9}},{\"type\":\"visualization\",\"panelRefName\":\"panel_c6b2bc4f-1820-45f7-81b7-cc10cf0990ea\",\"embeddableConfig\":{\"savedObjectId\":\"d1b7df73-eefb-438f-8e2f-1fbdb53b5b85\"},\"panelIndex\":\"c6b2bc4f-1820-45f7-81b7-cc10cf0990ea\",\"gridData\":{\"i\":\"c6b2bc4f-1820-45f7-81b7-cc10cf0990ea\",\"y\":19,\"x\":16,\"w\":17,\"h\":9}},{\"type\":\"visualization\",\"panelRefName\":\"panel_3bf36da7-63bd-4f35-8cb5-daa3e98532d6\",\"embeddableConfig\":{\"savedObjectId\":\"6ce742f2-040a-4e30-9e15-2cb58b9ac9a1\"},\"panelIndex\":\"3bf36da7-63bd-4f35-8cb5-daa3e98532d6\",\"gridData\":{\"i\":\"3bf36da7-63bd-4f35-8cb5-daa3e98532d6\",\"y\":28,\"x\":0,\"w\":33,\"h\":8}},{\"type\":\"map\",\"embeddableConfig\":{\"attributes\":{\"title\":\"地理位置分布图\",\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"29b22c79-3f3b-4f89-b1d3-82bf6e5f9610\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"geoip.location\\\",\\\"scalingType\\\":\\\"MVT\\\",\\\"id\\\":\\\"53f13286-9dd9-4026-b70d-8891ecaf22fb\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"filterByMapBounds\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsGroupByTimeseries\\\":false,\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1,\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"id\\\":\\\"a4c4b325-aa60-4571-ac21-1ac753a96a85\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":0}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelZoomRange\\\":{\\\"options\\\":{\\\"useLayerZoomRange\\\":true,\\\"minZoom\\\":0,\\\"maxZoom\\\":24}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelPosition\\\":{\\\"options\\\":{\\\"position\\\":\\\"CENTER\\\"}}},\\\"isTimeAware\\\":true},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"MVT_VECTOR\\\",\\\"joins\\\":[],\\\"disableTooltips\\\":false}]\",\"mapStateJSON\":\"{\\\"adHocDataViews\\\":[],\\\"zoom\\\":1.63,\\\"center\\\":{\\\"lon\\\":0.14134,\\\"lat\\\":20.17537},\\\"timeFilters\\\":{\\\"from\\\":\\\"now/w\\\",\\\"to\\\":\\\"now/w\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":60000},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"transparent\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"projection\\\":\\\"globeInterpolate\\\",\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"minLon\":22.5,\"minLat\":0,\"maxLon\":202.5,\"maxLat\":40.9799},\"mapCenter\":{\"lon\":111.99845,\"lat\":28.05596,\"zoom\":3.34},\"openTOCDetails\":[]},\"panelIndex\":\"0b3d87dc-63d4-409b-a535-7eeb5e8e016e\",\"gridData\":{\"i\":\"0b3d87dc-63d4-409b-a535-7eeb5e8e016e\",\"y\":0,\"x\":0,\"w\":33,\"h\":11}}]","timeRestore":false,"title":"Nginx访问监控大盘","version":3},"coreMigrationVersion":"8.8.0","created_at":"2025-11-28T11:28:15.839Z","id":"nginx-monitoring-dashboard","managed":false,"references":[{"id":"dongshufeng","name":"43e4f20b-40e2-4cf6-bcad-72324f6b21bb:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"8bac3341-0058-459f-bd93-199e7ab3e22a","name":"43e4f20b-40e2-4cf6-bcad-72324f6b21bb:panel_43e4f20b-40e2-4cf6-bcad-72324f6b21bb","type":"visualization"},{"id":"8bac3341-0058-459f-bd93-199e7ab3e22a","name":"43e4f20b-40e2-4cf6-bcad-72324f6b21bb:panel_43e4f20b-40e2-4cf6-bcad-72324f6b21bb","type":"visualization"},{"id":"dongshufeng","name":"a9516538-a7fe-4851-9742-a37d93e7a6be:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"34a9bffa-47b9-405c-ad92-bef0e84e6db2","name":"a9516538-a7fe-4851-9742-a37d93e7a6be:panel_a9516538-a7fe-4851-9742-a37d93e7a6be","type":"visualization"},{"id":"34a9bffa-47b9-405c-ad92-bef0e84e6db2","name":"a9516538-a7fe-4851-9742-a37d93e7a6be:panel_a9516538-a7fe-4851-9742-a37d93e7a6be","type":"visualization"},{"id":"dongshufeng","name":"e98fb440-de3d-49ea-acca-9a6a73308787:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"e20f226c-967c-4fac-88e7-6a291bc33a06","name":"e98fb440-de3d-49ea-acca-9a6a73308787:panel_e98fb440-de3d-49ea-acca-9a6a73308787","type":"visualization"},{"id":"e20f226c-967c-4fac-88e7-6a291bc33a06","name":"e98fb440-de3d-49ea-acca-9a6a73308787:panel_e98fb440-de3d-49ea-acca-9a6a73308787","type":"visualization"},{"id":"dongshufeng","name":"5209844f-6dda-43a1-8e04-3f13b5317709:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"22dd8c36-6a7b-45d1-9cc0-259bd1edd2ce","name":"5209844f-6dda-43a1-8e04-3f13b5317709:panel_5209844f-6dda-43a1-8e04-3f13b5317709","type":"visualization"},{"id":"22dd8c36-6a7b-45d1-9cc0-259bd1edd2ce","name":"5209844f-6dda-43a1-8e04-3f13b5317709:panel_5209844f-6dda-43a1-8e04-3f13b5317709","type":"visualization"},{"id":"dongshufeng","name":"c6b2bc4f-1820-45f7-81b7-cc10cf0990ea:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d1b7df73-eefb-438f-8e2f-1fbdb53b5b85","name":"c6b2bc4f-1820-45f7-81b7-cc10cf0990ea:panel_c6b2bc4f-1820-45f7-81b7-cc10cf0990ea","type":"visualization"},{"id":"d1b7df73-eefb-438f-8e2f-1fbdb53b5b85","name":"c6b2bc4f-1820-45f7-81b7-cc10cf0990ea:panel_c6b2bc4f-1820-45f7-81b7-cc10cf0990ea","type":"visualization"},{"id":"dongshufeng","name":"3bf36da7-63bd-4f35-8cb5-daa3e98532d6:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"6ce742f2-040a-4e30-9e15-2cb58b9ac9a1","name":"3bf36da7-63bd-4f35-8cb5-daa3e98532d6:panel_3bf36da7-63bd-4f35-8cb5-daa3e98532d6","type":"visualization"},{"id":"6ce742f2-040a-4e30-9e15-2cb58b9ac9a1","name":"3bf36da7-63bd-4f35-8cb5-daa3e98532d6:panel_3bf36da7-63bd-4f35-8cb5-daa3e98532d6","type":"visualization"},{"id":"dongshufeng","name":"0b3d87dc-63d4-409b-a535-7eeb5e8e016e:layer_1_source_index_pattern","type":"index-pattern"}],"type":"dashboard","typeMigrationVersion":"10.3.0","updated_at":"2025-11-30T15:41:24.423Z","version":"WzY0MjMsNV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6030016d-5a33-4378-9eea-e6adb9c1f881":{"columnOrder":["aa718c2a-3d84-4793-9a15-f06fb5c12730","b2cc38b4-7212-4cd6-8b05-93a23a77d0fa"],"columns":{"aa718c2a-3d84-4793-9a15-f06fb5c12730":{"dataType":"string","isBucketed":true,"label":"geoip.city_name 的排名前 10 的值","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"b2cc38b4-7212-4cd6-8b05-93a23a77d0fa","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":10},"sourceField":"geoip.city_name"},"b2cc38b4-7212-4cd6-8b05-93a23a77d0fa":{"dataType":"number","isBucketed":false,"label":"记录计数","operationType":"count","params":{"emptyAsNull":true},"sourceField":"___records___"}},"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"Linear","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["b2cc38b4-7212-4cd6-8b05-93a23a77d0fa"],"colorMapping":{"assignments":[],"colorMode":{"type":"categorical"},"paletteId":"default","specialAssignments":[{"color":{"type":"loop"},"rules":[{"type":"other"}],"touched":false}]},"layerId":"6030016d-5a33-4378-9eea-e6adb9c1f881","layerType":"data","seriesType":"bar_stacked","xAccessor":"aa718c2a-3d84-4793-9a15-f06fb5c12730"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"城市排名","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-30T15:27:02.228Z","id":"1c5051ba-0141-435c-aa79-353091f1955b","managed":false,"references":[{"id":"dongshufeng","name":"indexpattern-datasource-layer-6030016d-5a33-4378-9eea-e6adb9c1f881","type":"index-pattern"}],"type":"lens","typeMigrationVersion":"8.9.0","updated_at":"2025-11-30T15:27:02.228Z","version":"WzYzNzYsNV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9fc8542c-101d-4718-bd01-dd96346cbcf4":{"columnOrder":["4ec47542-cb8e-497e-a14d-ce58ad84c4a9","03394011-588a-4fab-85e1-368b3e9bfa40"],"columns":{"03394011-588a-4fab-85e1-368b3e9bfa40":{"dataType":"number","isBucketed":false,"label":"记录计数","operationType":"count","params":{"emptyAsNull":true},"sourceField":"___records___"},"4ec47542-cb8e-497e-a14d-ce58ad84c4a9":{"dataType":"string","isBucketed":true,"label":"http_referer 的排名前 10 的值","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"03394011-588a-4fab-85e1-368b3e9bfa40","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":10},"sourceField":"http_referer"}},"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"Linear","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["03394011-588a-4fab-85e1-368b3e9bfa40"],"colorMapping":{"assignments":[],"colorMode":{"type":"categorical"},"paletteId":"default","specialAssignments":[{"color":{"type":"loop"},"rules":[{"type":"other"}],"touched":false}]},"layerId":"9fc8542c-101d-4718-bd01-dd96346cbcf4","layerType":"data","seriesType":"bar_stacked","xAccessor":"4ec47542-cb8e-497e-a14d-ce58ad84c4a9"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"请求量前十网址","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2025-11-30T15:24:01.844Z","id":"111c6d8d-1c55-40dd-924a-e3b9703c6e20","managed":false,"references":[{"id":"dongshufeng","name":"indexpattern-datasource-layer-9fc8542c-101d-4718-bd01-dd96346cbcf4","type":"index-pattern"}],"type":"lens","typeMigrationVersion":"8.9.0","updated_at":"2025-11-30T15:24:01.844Z","version":"WzYzNjUsNV0="}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]}
PNG