logstash 过虑nginx访问日志
logstash#vi nginx_logs.confinput {
file {
type => "nginx-access"
path => "/www/log/nginx/access/default.log"
start_position => "beginning"
}
}
filter {
if == "nginx-access" {
grok {
match => { "message" => "%{NGINXACCESS}" }
}
date {
match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
}
geoip {
source => "clientip"
target => "geoip"
database =>"/server/logstash/vendor/geoip/GeoLiteCity.dat"
add_field => [ "", "%{}" ]
add_field => [ "", "%{}"]
}
mutate {
convert => [ "", "float" ]
}
}
}
output {
redis {
host => "10.252.35.170"
port => 6379
data_type => "list"
key => "logstash"
}
}
页:
[1]