nginx-es.conf
input {
file {
path => "/opt/logtest/nginx_access.log.1"
start_position => "beginning"
sincedb_path => "/opt/logstash-2.3.4/sincedb/"
}
}
filter {
ruby{
init => "@kname=['remote_addr','time_local','http_host','request','status','body_bytes_sent','http_referer','http_user_agent','upstream_response_time','request_time']"
code => "event.append(Hash[@kname.zip(event['message'].split(' | '))])"
}
if [http_user_agent] =="-" {
drop { }
}
if [request] {
ruby {
init => "@kname = ['method','uri','verb']"
code => "event.append(Hash[@kname.zip(event['request'].split(' '))])"
}
if [uri] {
ruby {
init => "@kname = ['url_path', 'url_args']"
code => "event.append(Hash[@kname.zip(event['uri'].split('?'))])"
}
}
}
geoip {
source => "remote_addr"
}
mutate {
convert => [
"body_bytes_sent", "integer",
"status", "integer",
"upstream_response_time", "float",
"request_time", "float"
]
add_field => {"type" => "nginx"}
remove_field => ["uri","request"]
}
date {
match => ["time_local", "dd/MMM/yyyy:HH:mm:ss +0800", "ISO8601"]
target => "@timestamp"
remove_field => ["time_local", "message"]
}
}
output {
stdout{ codec => rubydebug}
elasticsearch {
hosts => ["192.168.0.135:9200"]
index => "logstash-%{type}-%{+YYYY.MM.dd}"
workers => 2
template_overwrite => true
}
}
log content sample
192.168.100.10 | 29/Jul/2016:17:19:36 +0800 | api2.unichat.cn | GET / HTTP/1.1 | 200 | 17 | - | - | 0.052 | 0.052 118.212.135.122 | 29/Jul/2016:17:19:44 +0800 | api2.unichat.cn | GET /api/uchat?page=2&recommend_sort=1469783728640 HTTP/1.1 | 200 | 3499 | - | PhotoFlow/1.0.9 (iPhone; iOS 9.2.1; Scale/2.00) | 0.200 | 0.201
log_format uchat "$remote_addr | $time_local | $http_host | $request | $status | $body_bytes_sent | $http_referer | $http_user_agent | $upstream_response_time | $request_time";
output
{
"@version" => "1",
"@timestamp" => "2016-08-03T02:18:21.000Z",
"path" => "/opt/logtest/nginx_access.log",
"host" => "inok-c0",
"remote_addr" => "125.71.215.46",
"http_host" => "api2.unichat.cn",
"status" => 200,
"body_bytes_sent" => 17,
"http_referer" => "-",
"http_user_agent" => "check_http/v1.4.16 (nagios-plugins 1.4.16)",
"upstream_response_time" => 0.042,
"request_time" => 0.043,
"method" => "GET",
"verb" => "HTTP/1.1",
"url_path" => "/",
"url_args" => nil,
"geoip" => {
"ip" => "125.71.215.46",
"country_code2" => "CN",
"country_code3" => "CHN",
"country_name" => "China",
"continent_code" => "AS",
"region_name" => "32",
"city_name" => "Chengdu",
"latitude" => 30.66669999999999,
"longitude" => 104.06670000000003,
"timezone" => "Asia/Chongqing",
"real_region_name" => "Sichuan",
"location" => [
[0] 104.06670000000003,
[1] 30.66669999999999
]
},
"type" => "nginx"
}
相关推荐
nginx-log-elasticsearch-lua 使用Lua从Nginx直接记录到Elasticsearch
- ./es_data:/usr/share/elasticsearch/data - /etc/localtime:/etc/localtime environment: - http.host=0.0.0.0 - transport.host=localhost - network.host=0.0.0.0 # Disable X-Pack security: ...
信息这将安装所有必要的软件包并正确配置它们,以便您在大约 15 分钟内拥有一个 Graylog 服务器和网络它安装和配置elasticsearch、mongodb、nginx、graylog-server 和graylog-web 它还为端口 514 添加了一个默认侦听...
涉及到 Elastic Stack 中 Filebeat 是用于采集 Nginx 相关的日志, Elasticsearch 是用于对于数据落地存储和搜索的引擎, Kibana 是用于对数据可视化的工具。 在 Nginx 中相关的日志是存储在 /var/log/nginx 目录下...
\_ nxapi/nxapi.json (configure elastic search) nginx-zmq-log \_ /etc/nginx/nginx.conf --- `log_zmq_server thorn-zmq-sub:5556` thron-ui (not ready yet) thorn-zmq-sub (port:5556) thorn-netfilter ...
Nginx的access log: 201.158.69.116 - - [03/Jan/2013:21:17:20 -0600] fwf[-] tip[-] 127.0.0.1:9000 0.007 0.007 MX pythontab.com GET /html/test.html HTTP/1.1 "200" 2426 "http://a.com" "es-ES,es;q=0.8" ...
activemq,baidupcs-web,canal,confluence,couchbase,efk,elasticsearch,elk,elkf,fastdfs,filebeat,flowable,gitlab,gogs,grafana,grafana-promtail-loki-nginx-demo,grafana_promtail_loki,graylog,jenkins,jira,...
AuditLog,Elasticsearch,Kibana,Logstash: ://youtu.be/eS8Fn5ozIdU 有用的链接 ModSecurity GitHub ModSecurity-Nginx GitHub ModSecurity参考手册https://bit.ly/2wh7kRo OWASP CRS3 GitHub ...
7-logstash收集nginx访问日志-json.flv 8-logstash收集syslog日志.flv 9-logstash收集tcp日志.flv 10-logstash收集slowlog-grok.flv 11-logstash解耦之消息队列.flv 12-kibana实践.flv 13-elk上线流程.flv
Elasticsearch 2.3.2 logstash 2.2.4 Kibana 4.4.2 filebeat 1.2.2 topbeat 1.2.2 搭建ELK日志分析平台。此处为其核心配置文件。具体搭建过程请参考文档 Screenshots elasticsearch索引列表 Nginx日志分析 Syslog...
14、log4j日志推送到elasticsearch集成 15、thymeleaf自定义标签 16、文件系统(支持nginx、http、ftp、tomcat等方式配置) 17、消息通知(通过netty实时推送) 18、quartz定时任务管理 19、@CheckParam自定义检测...
使用 docker 和 fig 一次性启动 norikra、elasticsearch、kibana4、nginx 进行基本身份验证,使用 fluentd 进行日志收集。首次执行fig up时将构建 Dockerfile。如果在此之后对 Dockerfile 进行任何更改,docker 映像...
Elasticsearch设置堆大小 Ansible剧本会自动将堆大小设置为分配给主机的系统总内存的一半。 例如,如果一台计算机具有16GB的内存,则ES堆大小将设置为8GB 。 支持的版本 Graylog v4.0.1 Elastic v7.10 Splunk v...
用水量使用量度HydroShare的ELK堆栈安装和配置文件为Logstash配置Logrotate cp /etc/logrotate.d/nginx /etc/logrotate.d/logstash$ vim /etc/logrotate.d/logstash /var/log/logstash/*log /var/log/logstash/*.err...
由Elasticsearch提供支持的全文本搜索引擎metricstore :PostgreSQL支持,由前端(Grafana)使用,用于存储有关仪表板,数据源和用户的元数据。 frontend :由Grafana提供支持,Grafana是一个动态可视化前端,该...
一个Kibana节点,包括一个本地Elasticsearch客户节点和一个用于HTTP基本身份验证的Nginx Wazuh服务器位于面向Internet的负载均衡器后面,以便代理与群集进行通信 Kibana服务器位于面向Internet的负载均衡器后面,该...
Solr & Elasticsearch | 分布式全文搜索引擎 | [http://lucene.apache.org/solr/](http://lucene.apache.org/solr/) [https://www.elastic.co/](https://www.elastic.co/) Quartz | 作业调度框架 | ...
:在ElasticSearch中读取数据。 :在MongoDB中读取数据。 :在MySQL中读取数据。 :在Microsoft SQL Server中读取数据。 :在PostgreSQL中读取数据。 :在Kafka中读取数据。 :在Redis中读取数据。 :通过...
自动版本控制和CHANGELOG生成(通过 )。 预先配置的VSCode编辑和调试设置。 支持的模板 -每个基于ESNext的应用程序的基础。 具有Docker支持的基于Fastify的API服务器模板。 -MobX + React模板基于具有Docker...