Loki 收集Nginx日志以 grafana 可视化展示

背景

通常用ELK来收集Nginx日志的，对于服务器较少的用elk则显得太重了，可以用loki+Promtail+grafana 代替。

Loki类似elasticsearch，用于存储；Promtail类似fluent，用于收集；grafana类似kibana，用于展示

先放几张图来展示一下成果：

这里是用grafana查询日志

Nginx 配置

首先修改Nginx日志为json格式：

log_format json_analytics escape=json '{''"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution'"connection": "$connection", ' # connection serial number'"connection_requests": "$connection_requests", ' # number of requests made in connection'"pid": "$pid", ' # process pid'"request_id": "$request_id", ' # the unique request id'"request_length": "$request_length", ' # request length (including headers and body)'"remote_addr": "$remote_addr", ' # client IP'"remote_user": "$remote_user", ' # client HTTP username'"remote_port": "$remote_port", ' # client port'"time_local": "$time_local", ''"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format'"request": "$request", ' # full path no arguments if the request'"request_uri": "$request_uri", ' # full path and arguments if the request'"args": "$args", ' # args'"status": "$status", ' # response status code'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client'"http_referer": "$http_referer", ' # HTTP referer'"http_user_agent": "$http_user_agent", ' # user agent'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for'"http_host": "$http_host", ' # the request Host: header'"server_name": "$server_name", ' # the name of the vhost serving the request'"request_time": "$request_time", ' # request processing time in seconds with msec resolution'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers'"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body'"upstream_response_length": "$upstream_response_length", ' # upstream response length'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable'"ssl_protocol": "$ssl_protocol", ' # TLS protocol'"ssl_cipher": "$ssl_cipher", ' # TLS cipher'"scheme": "$scheme", ' # http or https'"request_method": "$request_method", ' # request method'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0'"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise'"gzip_ratio": "$gzip_ratio", ''"http_cf_ray": "$http_cf_ray",''"geoip_country_code": "$geoip_country_code"''}';access_log /usr/local/nginx/logs/json_access.log json_analytics;

注意这里的geoip_country_code，用于展示哪个国家的哪个城市访问。需要在Nginx添加geoip的支持。

首先通过yum安装geoip及lib库

yum -y install GeoIP GeoIP-data GeoIP-devel

重新编译Nginx，加入--with-http_geoip_module进行添加模块

yum安装的geoip内置的数据较老，需要下载最新的数据

wget https://dl.miyuru.lk/geoip/dbip/country/dbip.dat.gz
gunzip dbip.dat.gz && mv dbip.dat country.dat
wget https://dl.miyuru.lk/geoip/dbip/city/dbip.dat.gz
gunzip dbip.dat.gz && mv dbip.dat city.dat

nginx.conf增加下面两行

geoip_city /usr/local/nginx/html/ip/city.dat;
geoip_country /usr/local/nginx/html/ip/country.dat;

后执行 /usr/local/nginx/sbin/nginx -s reload；现在Nginx的日志是这样的：

{"msec": "1654072604.175", "connection": "92799", "connection_requests": "1", "pid": "4251", "request_id": "47e117ff2287fb32fb8382aff742334b", "request_length": "1105", "remote_addr": "11.125.67.88", "remote_user": "", "remote_port": "18154", "time_local": "01/Jun/2022:16:36:44 +0800", "time_iso8601": "2022-06-01T16:36:44+08:00", "request": "POST /xx/xx.html HTTP/1.1", "request_uri": "/xx/xx.html", "args": "", "status": "200", "body_bytes_sent": "146", "bytes_sent": "308", "http_referer": "http://172.16.124.225:8080/", "http_user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1", "http_x_forwarded_for": "172.16.124.225, 218.104.146.57", "http_host": "xx.com", "server_name": "xx.com", "request_time": "0.704", "upstream": "192.168.96.13:80", "upstream_connect_time": "0.000", "upstream_header_time": "0.700", "upstream_response_time": "0.700", "upstream_response_length": "135", "upstream_cache_status": "", "ssl_protocol": "", "ssl_cipher": "", "scheme": "http", "request_method": "POST", "server_protocol": "HTTP/1.1", "pipe": ".", "gzip_ratio": "", "http_cf_ray": "","geoip_country_code": "US"}

Loki部署

下载软件

wget https://github.com/grafana/loki/releases/download/v2.5.0/loki-linux-amd64.zip
unzip loki-linux-amd64.zip
mv loki-linux-amd64 loki

loki的配置文件

auth_enabled: falseserver:http_listen_port: 3100grpc_listen_port: 9096common:path_prefix: /data/lokistorage:filesystem:chunks_directory: /data/loki/chunksrules_directory: /data/loki/rulesreplication_factor: 1ring:instance_addr: 127.0.0.1kvstore:store: inmemoryschema_config:configs:- from: 2020-10-24store: boltdb-shipperobject_store: filesystemschema: v11index:prefix: index_period: 24hruler:alertmanager_url: http://localhost:9093

启动loki

nohup ./loki -config.file=loki-local-config.yaml &

Promtail 部署

下载软件

wget https://github.com/grafana/loki/releases/download/v2.5.0/promtail-linux-amd64.zip
unzip promtail-linux-amd64.zip
mv promtail-linux-amd64 promtail

配置文件

server:http_listen_port: 9080grpc_listen_port: 0positions:filename: /tmp/positions.yamlclients:- url: http://192.168.96.239:3100/loki/api/v1/pushscrape_configs:
- job_name: nginxpipeline_stages:- replace:expression: '(?:[0-9]{1,3}\.){3}([0-9]{1,3})'replace: '***'static_configs:- targets:- localhostlabels:job: nginx_access_loghost: appfelstrudelagent: promtail__path__: /usr/local/nginx/logs/json_access.log

启动

nohup ./promtail --config.file=promtail-local-config.yaml &

grafana展示

下载安装

wget https://mirrors.cloud.tencent.com/grafana/yum/rpm/grafana-8.5.3-1.x86_64.rpm
yum install -y grafana-8.5.3-1.x86_64.rpm
systemctl start grafana-server

grafana添加数据源，选Loki。

输入url：http://localhost:3100 即可

然后导入 13865 模板即可

下面这篇文章没实践过，不过里面地图可以对应到城市，本篇的地图只能对应到国家：

搭建日志聚合grafana&loki 收集Nginx日志_Zz_糖小七的博客-CSDN博客_loki收集nginx

nginx 设置变量获取国家、城市：

科技常识：Nginx服务器中配置GeoIP模块来拦截指定国家IP_绿色消费网

grafana 面板报 "too many outstanding requests" 错误解决方案

Grafana dashboard shows "too many outstanding requests" after upgrade to v2.4.2 - bytemeta

grafana 面板报 "maximum of series (500) reached for a single query" 错误解决方案

maximum of series (500) reached for a single query - Installation - Grafana Labs Community Forums

grafana 面板报 " net/http: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)" 错误解决方案

Configure Grafana | Grafana documentation

loki 查询超时解决方案

Loki datasource timeout at 30s · Issue #42801 · grafana/grafana · GitHub

loki 用缓存加速查询

巧用缓存加速Loki查询 - 腾讯云开发者社区-腾讯云

loki 配置文件范例参考

Loki datasource timeout at 30s · Issue #42801 · grafana/grafana · GitHub