logstash获取nginx日志分析

配置文件

# Input stage: consume nginx access-log events that a shipper has pushed
# onto a Redis list.
input {
  redis {
    # Queue location: list "nginx_log" in database 0 of the Redis server.
    data_type => "list"
    key => "nginx_log"
    db => "0"
    host => "10.0.20.120"
    port => "6379"
    # Number of consumer threads reading from the list.
    threads => "2"
    # Stamp each event with a type so later stages can tell inputs apart.
    type => "nginx_log"
    # NOTE(review): no `password` is configured, so this connection is
    # unauthenticated and unencrypted. Anyone who can reach the Redis port can
    # read queued log lines or push forged ones into the pipeline. Keep Redis
    # on a restricted network segment, or enable authentication on the server
    # and set `password` here.
  }
}
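# Filter stage: parse the raw nginx line into fields, type the numeric ones,
# set the event time from the log line, and add GeoIP data for the client.
filter {
  # Split the access-log line into named fields. The field names
  # ("timestap", "http_methed") are kept exactly as spelled, because renaming
  # them would break any saved searches or dashboards built on them.
  # Every captured value (request, referer, user agent) is client-supplied
  # text and should be treated as untrusted wherever it is displayed.
  grok {
    match => {"message" => "%{IPORHOST:clientip} \[%{HTTPDATE:timestap}\] %{WORD:http_methed} %{NOTSPACE:request} %{NOTSPACE:request_query} %{NUMBER:status_code} %{NUMBER:bytes} %{NOTSPACE:referer} %{QS:user_agent}"}
  }

  # Only enrich events that parsed. Lines that did not match keep the
  # "_grokparsefailure" tag and still reach the output, so malformed or
  # unexpected requests stay searchable instead of being dropped silently.
  if "_grokparsefailure" not in [tags] {
    # Store the numeric fields as integers so range queries and aggregations work.
    mutate {
      convert => ["bytes", "integer", "status_code", "integer"]
    }

    # Use the time nginx logged as @timestamp. Without this, @timestamp is the
    # moment Logstash processed the event, so a queue backlog in Redis would
    # shift every event and distort timelines during an investigation.
    # The daily index name in the output is derived from @timestamp, so events
    # now land in the index for the day the request was made.
    date {
      match => ["timestap", "dd/MMM/yyyy:HH:mm:ss Z"]
      # HTTPDATE uses English month abbreviations regardless of host locale.
      locale => "en"
    }

    # Look up location data for the address in "clientip".
    # NOTE(review): if nginx sits behind a proxy or load balancer, this field
    # may hold the proxy's address rather than the real client; confirm
    # against the nginx log_format.
    geoip {
      source => "clientip"
    }
  }
}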
# Output stage: send every event to Elasticsearch, one index per day.
output {
  elasticsearch {
    # Daily index; the date suffix is rendered from the event's @timestamp.
    index => "test5-%{+YYYY.MM.dd}"
    hosts => ["10.0.20.122:9200"]
    # NOTE(review): no `user`/`password` or TLS options are set, so events are
    # sent over plain HTTP to a cluster that must be accepting unauthenticated
    # writes. Access logs contain client IPs, URLs, and query strings; enable
    # Elasticsearch security and give this pipeline a dedicated account
    # limited to writing the "test5-*" indices.
  }
}
