logstash对nginx日志进行解析
# Input stage: read events from the Redis list "test" in database 0
# on 192.168.1.109:6379.
# NOTE(review): no `password` or TLS option is set on this input, so the
# connection is unauthenticated and unencrypted as written. Confirm that
# the Redis instance is reachable only from the shipper and Logstash
# hosts, or enable authentication on Redis and set `password` here.
input {
  redis {
    data_type => "list"
    key       => "test"
    host      => "192.168.1.109"
    port      => 6379
    db        => "0"
  }
}
# Filter stage: decode the JSON log line, enrich it (user agent, timestamp,
# GeoIP) and drop fields that should not be indexed.
# NOTE(review): several field names below are empty strings ("" and %{}).
# They look like [field][subfield] references that were lost when this page
# was rendered. Restore them from the original config before use; they are
# deliberately not reconstructed here.
filter{
# Parse the JSON document held in "message", then drop the raw string.
# No `target` is set, so decoded keys land at the top level of the event and
# can overwrite existing fields, including `type`, which the output stage
# uses to build the index name.
# NOTE(review): the nginx log_format is not shown. Confirm that it
# JSON-escapes client-supplied values (request line, user agent, referer).
json {
source => "message"
remove_field => "message"
}
# Parse the user-agent string in "agent" and write the result back to "agent".
# NOTE(review): the remove_field entries are empty (see note at the top).
useragent {
source => "agent"
target => "agent"
remove_field => ["","","","",""]
}
# Parse nginx's access_time (e.g. 10/Oct/2023:13:55:36 +0800, constructed
# sample) so the event timestamp reflects when the request was logged.
date {
match => ["access_time", "dd/MMM/yyyy:HH:mm:ss Z"]
}
# Drop metadata fields and cast numeric fields so they are indexed as numbers.
# NOTE(review): "host", "source", "beat" and "prospector" are presumably
# shipper metadata. Removing them discards which machine and file a line came
# from; keep them if these logs are used for incident investigation.
mutate {
remove_field => ["beat","host","prospector","@version","offset","input","source","access_time"]
convert => {"body_bytes_sent" => "integer"}
convert => {"up_response_time" => "float"}
convert => {"request_time" => "float"}
}
# Look up the location of remote_addr and store it under "geoip".
# NOTE(review): remote_addr is presumably the address of the direct peer.
# Behind a proxy or load balancer that is the proxy's address, not the
# client's. Verify against the nginx setup.
# NOTE(review): the remove_field and add_field entries are empty (see note at
# the top).
geoip {
source => "remote_addr"
target => "geoip"
remove_field => ["","","","",""]
add_field => ["", "%{}"]
add_field => ["", "%{}"]
}
# Cast a field to float. The field name is missing here (see note at the top).
mutate {
convert => ["","float"]
}
}
# Output stage: index matching events into Elasticsearch and echo them to stdout.
output {
# NOTE(review): the left-hand side of this condition is missing (probably a
# field reference lost when the page was rendered), so the line will not
# parse as written. Restore it from the original config.
if == "newvp" {
# Write to a three-node cluster, using a daily index named after the event's
# `type` field.
# NOTE(review): no `user`/`password` or TLS options are set, and the hosts
# have no https scheme, so this relies on the cluster accepting
# unauthenticated plain-HTTP clients. If security is enabled on the cluster,
# add credentials and TLS settings here, and keep secrets in the Logstash
# keystore rather than in this file.
# NOTE(review): the index name comes from event data (%{type}). Make sure the
# condition above restricts it to expected values so unexpected indices are
# not created.
elasticsearch {
hosts=> ["192.168.1.110:9200","192.168.1.111:9200","192.168.1.112:9200"]
index=> "%{type}-%{+YYYY.MM.dd}"
}
# Print every event in full to Logstash's stdout. The output includes client
# IPs and request data, so treat wherever stdout is captured as sensitive.
stdout {
codec => rubydebug
}
# stdout is for debugging; it can be removed in production use
}
}