|
logstash#vi nginx_logs.conf
# Read the nginx access log and label every event so the filter stage can
# select it with [type] == "nginx-access".
input {
  file {
    # Applies only to a file Logstash has not tracked before (no sincedb
    # entry): read it from the top instead of tailing new lines only.
    start_position => "beginning"
    # Access logs carry client addresses and full request lines; the account
    # running Logstash needs read access to this file and nothing broader.
    path => "/www/log/nginx/access/default.log"
    type => "nginx-access"
  }
}
# Parse nginx access-log lines, take the event time from the log line, and
# enrich each event with GeoIP data for the client address.
filter {
  # Only events labelled "nginx-access" by the file input are processed here.
  if [type] == "nginx-access" {
    # NGINXACCESS is not defined in this file; it has to come from a patterns
    # file that grok can load. Presumably it produces the `timestamp` and
    # `clientip` fields used below; verify against the pattern definition.
    # Lines that do not match are tagged _grokparsefailure by default and,
    # since nothing below checks tags, still reach the output unparsed; that
    # tag is worth monitoring.
    grok {
      match => { "message" => "%{NGINXACCESS}" }
    }
    # Use the request time written by nginx as the event time (@timestamp is
    # the date filter's default target) rather than the time the line was read.
    date {
      match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
    }
    # Look up `clientip` in the legacy GeoLiteCity database and store the
    # result under [geoip].
    # NOTE(review): if nginx sits behind a proxy or load balancer, `clientip`
    # may be the proxy address or a client-supplied header value, depending on
    # the nginx log_format; confirm before relying on the location data.
    geoip {
      source => "clientip"
      target => "geoip"
      database =>"/server/logstash/vendor/geoip/GeoLiteCity.dat"
      # Naming the same field twice turns [geoip][coordinates] into an array:
      # longitude first, then latitude (GeoJSON order). Keep this order.
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    # The %{...} interpolation above yields strings; convert both array
    # elements to floats.
    mutate {
      convert => [ "[geoip][coordinates]", "float" ]
    }
  }
}
# Append every processed event to the Redis list "logstash" on the host below.
output {
  redis {
    data_type => "list"
    key => "logstash"
    host => "10.252.35.170"
    port => 6379
    # NOTE(review): no `password` is set and nothing in this block enables
    # transport encryption, so events (client IPs, request lines) reach Redis
    # unauthenticated and in clear text. Confirm that this Redis instance is
    # reachable only from trusted hosts, or enable requirepass on the server
    # and set this plugin's `password` option to match.
  }
}
|
|
|