ELK-Logstash Nginx Log Analysis
For details, see: https://www.chinasa.net
Logstash configuration file
# nginx_log.conf
input {
  file {
    type => "nginx_log"
    path => "/opt/nginx/logs/access.log"
  }
}
filter {
  if == "nginx_log" {
    grok {
      match => { "message" => "%{NGINXACCESS}" }
    }
    if ( =~ "^*launcher*|^*favicon*") {
      drop {}
    }
    geoip {
      source => "remote_addr"
      target => "geoip"
      database => "/opt/logstash-2.0.0/conf/GeoLiteCity.dat"
      add_field => [ "", "%{}" ]
      add_field => [ "", "%{}" ]
    }
    mutate {
      convert => [ "", "float",
                   "body_bytes_sent", "float",
                   "body_bytes_sent.raw", "float" ]
    }
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => "192.168.0.100:9200"
    index => "ngx_log-%{+YYYY.MM}"
  }
}
The NGINXACCESS definition can be written in the patterns/nginx file:
NGUSERNAME +
NGUSER %{NGUSERNAME}
NGINXACCESS %{IPORHOST:remote_addr} - - \[%{HTTPDATE:time_local}\] "%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{INT:status} %{INT:body_bytes_sent} %{QS:http_referer} %{QS:http_user_agent}
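An added example, not part of the original post: a Python approximation of the NGINXACCESS pattern above, run over constructed log lines to show which lines yield fields and which do not match (grok tags those `_grokparsefailure` by default). The sub-pattern regexes are simplified stand-ins for the Logstash grok definitions, and `parse`, `triage` and `SAMPLE_LINES` are names introduced here.

```python
import re

# Assumption: simplified stand-ins for IPORHOST, HTTPDATE, WORD, URIPATHPARAM,
# NUMBER, INT and QS; not the exact definitions shipped with Logstash.
NGINXACCESS = re.compile(
    r'(?P<remote_addr>[0-9A-Za-z.:-]+) - - '
    r'\[(?P<time_local>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?P<method>\w+) (?P<request>/\S*) HTTP/(?P<httpversion>\d+(?:\.\d+)?)" '
    r'(?P<status>\d+) (?P<body_bytes_sent>\d+) '
    r'(?P<http_referer>"(?:[^"\\]|\\.)*") (?P<http_user_agent>"(?:[^"\\]|\\.)*")'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LINES = [
    # Ordinary anonymous request: matches.
    r'203.0.113.7 - - [12/May/2016:10:15:32 +0800] "GET /index.html?id=1 HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    # Logged remote user: the literal "- -" in the pattern does not match.
    r'203.0.113.8 - alice [12/May/2016:10:15:40 +0800] "GET /admin/ HTTP/1.1" 200 1024 "-" "curl/7.47.0"',
    # Non-HTTP bytes sent to the port: no method, URI or HTTP version to match.
    r'198.51.100.23 - - [12/May/2016:10:16:01 +0800] "\x16\x03\x01" 400 166 "-" "-"',
]

def parse(line):
    """Return the captured fields, or None where grok would report a failure."""
    m = NGINXACCESS.search(line)  # grok matches are unanchored unless ^ is given
    if m is None:
        return None
    event = m.groupdict()
    # Same effect as the mutate/convert entry for body_bytes_sent in the config.
    event["body_bytes_sent"] = float(event["body_bytes_sent"])
    return event

def triage(lines):
    """Split lines into parsed events and lines the pattern does not match."""
    parsed, failed = [], []
    for line in lines:
        event = parse(line)
        if event is None:
            failed.append(line)
        else:
            parsed.append(event)
    return parsed, failed

if __name__ == "__main__":
    parsed, failed = triage(SAMPLE_LINES)
    for event in parsed:
        print("parsed:", event["remote_addr"], event["method"], event["request"])
    for line in failed:
        print("_grokparsefailure:", line)
```

Lines that fail the pattern reach Elasticsearch without `status`, `request` or `remote_addr` fields, so dashboards built on those fields will not show them; a saved search on the `_grokparsefailure` tag keeps them visible.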
Kibana chart display
https://www.chinasa.net/usr/uploads/2016/05/3368212676.png