You can try my test ELK setup, for example on VirtualBox with CentOS 6.5:

eth0 inet addr:192.168.xxx.xxx - bridge for inet
eth1 inet addr:10.1.1.9 - virtual adapter for local

elasticsearch 1.6:

elasticsearch.yml

    cluster.name: test
    node.name: "elk"

You can see it in Chrome via http://192.168.xxx.xxx:9200/ or with curl -XGET '10.1.1.9:9200/'

Kibana4:

kibana.yml

    port: 5601
    host: "0.0.0.0"
    elasticsearch_url: "http://10.1.1.9:9200"

You can see it in Chrome via http://192.168.xxx.xxx:5601/ or with curl -XGET '10.1.1.9:5601'

nginx.conf - add

    log_format logstash '$remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time';
    access_log /var/log/nginx/access2.log logstash;

logstash-nginx3.conf

    input {
      file {
        path => "/var/log/nginx/access2.log"
        type => syslog
      }
    }
    filter {
      # Retag the events so they are not treated as syslog downstream
      mutate {
        replace => { "type" => "nginx_access" }
      }
      # Must mirror the "logstash" log_format from nginx.conf; literal [ ] and " are escaped
      grok {
        match => [ "message", "%{IPORHOST:clientip} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent} %{NUMBER:request_time:float}" ]
      }
      # Use the request time from the log line as the event timestamp
      date {
        match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
      }
      geoip {
        source => "clientip"
      }
    }
    output {
      elasticsearch {
        cluster => "test"
        protocol => "http"
        host => "10.1.1.9"
        port => "9200"
        index => "logstash-%{+YYYY.MM.dd}"
        workers => 5
      }
      # Also print every parsed event to the console for debugging
      stdout { codec => rubydebug }
    }

An interesting way to find the problem: try this in the shell:

    /opt/logstash/bin/logstash -f ./logstash-nginx3.conf --debug
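
An added example, not part of the original post: a Python approximation of the grok pattern above, for checking offline that a line written with the `logstash` log_format parses into the expected fields before it reaches Elasticsearch. The regex is a simplified translation of the grok macros, `parse_line` is a hypothetical helper name, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Simplified regex equivalents of IPORHOST, HTTPDATE, WORD, NOTSPACE, QS and NUMBER.
# Group names mirror the field names used in the grok pattern.
QS = r'"(?:[^"\\]|\\.)*"'
NGINX_ACCESS = re.compile(
    r'(?P<clientip>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>.*?))" '
    r'(?P<response>\d+) (?:(?P<bytes>\d+)|-) '
    rf'(?P<referrer>{QS}) (?P<agent>{QS}) '
    r'(?P<request_time>\d+(?:\.\d+)?)$'
)


def parse_line(line):
    """Return the extracted fields, or None where grok would tag _grokparsefailure."""
    m = NGINX_ACCESS.match(line.rstrip("\n"))
    if m is None:
        return None
    # Drop alternation branches that did not take part in the match
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    # Mirrors the ":float" cast on request_time in the grok pattern
    event["request_time"] = float(event["request_time"])
    # Mirrors the date filter: dd/MMM/YYYY:HH:mm:ss Z
    ts = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = ts.isoformat()
    return event


# Constructed sample lines (documentation IP range, invented requests)
GOOD = ('203.0.113.7 [12/Jul/2015:10:15:32 +0300] "GET /index.html HTTP/1.1" '
        '200 612 "-" "Mozilla/5.0" 0.004')
# Malformed request: nginx logs "-" and the pattern falls back to rawrequest
BAD_REQUEST = '203.0.113.7 [12/Jul/2015:10:15:33 +0300] "-" 400 0 "-" "-" 0.000'
# Default "combined" format: does not match, because the log_format differs
COMBINED = ('203.0.113.7 - - [12/Jul/2015:10:15:34 +0300] "GET / HTTP/1.1" '
            '200 612 "-" "curl/7.19.7"')

if __name__ == "__main__":
    for sample in (GOOD, BAD_REQUEST, COMBINED):
        print(parse_line(sample))
```

A `None` result for a line taken from access2.log points at a mismatch between the nginx log_format and the grok pattern, which is the same condition the `--debug` run surfaces as a `_grokparsefailure` tag.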