nginx-es.conf
input { file { path => "/opt/logtest/nginx_access.log.1" start_position => "beginning" sincedb_path => "/opt/logstash-2.3.4/sincedb/" } }
filter { ruby{ init => "@kname=['remote_addr','time_local','http_host','request','status','body_bytes_sent','http_referer','http_user_agent','upstream_response_time','request_time']" code => "event.append(Hash[@kname.zip(event['message'].split(' | '))])" } if [http_user_agent] =="-" { drop { } } if [request] { ruby { init => "@kname = ['method','uri','verb']" code => "event.append(Hash[@kname.zip(event['request'].split(' '))])" } if [uri] { ruby { init => "@kname = ['url_path', 'url_args']" code => "event.append(Hash[@kname.zip(event['uri'].split('?'))])" } } } geoip { source => "remote_addr" } mutate { convert => [ "body_bytes_sent", "integer", "status", "integer", "upstream_response_time", "float", "request_time", "float" ] add_field => {"type" => "nginx"} remove_field => ["uri","request"] } date { match => ["time_local", "dd/MMM/yyyy:HH:mm:ss +0800", "ISO8601"] target => "@timestamp" remove_field => ["time_local", "message"] } }
output { stdout{ codec => rubydebug} elasticsearch { hosts => ["192.168.0.135:9200"] index => "logstash-%{type}-%{+YYYY.MM.dd}" workers => 2 template_overwrite => true } }
log content sample
192.168.100.10 | 29/Jul/2016:17:19:36 +0800 | api2.unichat.cn | GET / HTTP/1.1 | 200 | 17 | - | - | 0.052 | 0.052 118.212.135.122 | 29/Jul/2016:17:19:44 +0800 | api2.unichat.cn | GET /api/uchat?page=2&recommend_sort=1469783728640 HTTP/1.1 | 200 | 3499 | - | PhotoFlow/1.0.9 (iPhone; iOS 9.2.1; Scale/2.00) | 0.200 | 0.201
log_format uchat "$remote_addr | $time_local | $http_host | $request | $status | $body_bytes_sent | $http_referer | $http_user_agent | $upstream_response_time | $request_time";
output
{ "@version" => "1", "@timestamp" => "2016-08-03T02:18:21.000Z", "path" => "/opt/logtest/nginx_access.log", "host" => "inok-c0", "remote_addr" => "125.71.215.46", "http_host" => "api2.unichat.cn", "status" => 200, "body_bytes_sent" => 17, "http_referer" => "-", "http_user_agent" => "check_http/v1.4.16 (nagios-plugins 1.4.16)", "upstream_response_time" => 0.042, "request_time" => 0.043, "method" => "GET", "verb" => "HTTP/1.1", "url_path" => "/", "url_args" => nil, "geoip" => { "ip" => "125.71.215.46", "country_code2" => "CN", "country_code3" => "CHN", "country_name" => "China", "continent_code" => "AS", "region_name" => "32", "city_name" => "Chengdu", "latitude" => 30.66669999999999, "longitude" => 104.06670000000003, "timezone" => "Asia/Chongqing", "real_region_name" => "Sichuan", "location" => [ [0] 104.06670000000003, [1] 30.66669999999999 ] }, "type" => "nginx" }
相关推荐
nginx-log-elasticsearch-lua 使用Lua从Nginx直接记录到Elasticsearch
- ./es_data:/usr/share/elasticsearch/data - /etc/localtime:/etc/localtime environment: - http.host=0.0.0.0 - transport.host=localhost - network.host=0.0.0.0 # Disable X-Pack security: ...
信息这将安装所有必要的软件包并正确配置它们,以便您在大约 15 分钟内拥有一个 Graylog 服务器和网络它安装和配置elasticsearch、mongodb、nginx、graylog-server 和graylog-web 它还为端口 514 添加了一个默认侦听...
涉及到 Elastic Stack 中 Filebeat 是用于采集 Nginx 相关的日志, Elasticsearch 是用于对于数据落地存储和搜索的引擎, Kibana 是用于对数据可视化的工具。 在 Nginx 中相关的日志是存储在 /var/log/nginx 目录下...
\_ nxapi/nxapi.json (configure elastic search) nginx-zmq-log \_ /etc/nginx/nginx.conf --- `log_zmq_server thorn-zmq-sub:5556` thron-ui (not ready yet) thorn-zmq-sub (port:5556) thorn-netfilter ...
Nginx的access log: 201.158.69.116 - - [03/Jan/2013:21:17:20 -0600] fwf[-] tip[-] 127.0.0.1:9000 0.007 0.007 MX pythontab.com GET /html/test.html HTTP/1.1 "200" 2426 "http://a.com" "es-ES,es;q=0.8" ...
activemq,baidupcs-web,canal,confluence,couchbase,efk,elasticsearch,elk,elkf,fastdfs,filebeat,flowable,gitlab,gogs,grafana,grafana-promtail-loki-nginx-demo,grafana_promtail_loki,graylog,jenkins,jira,...
AuditLog,Elasticsearch,Kibana,Logstash: ://youtu.be/eS8Fn5ozIdU 有用的链接 ModSecurity GitHub ModSecurity-Nginx GitHub ModSecurity参考手册https://bit.ly/2wh7kRo OWASP CRS3 GitHub ...
7-logstash收集nginx访问日志-json.flv 8-logstash收集syslog日志.flv 9-logstash收集tcp日志.flv 10-logstash收集slowlog-grok.flv 11-logstash解耦之消息队列.flv 12-kibana实践.flv 13-elk上线流程.flv
Elasticsearch 2.3.2 logstash 2.2.4 Kibana 4.4.2 filebeat 1.2.2 topbeat 1.2.2 搭建ELK日志分析平台。此处为其核心配置文件。具体搭建过程请参考文档 Screenshots elasticsearch索引列表 Nginx日志分析 Syslog...
14、log4j日志推送到elasticsearch集成 15、thymeleaf自定义标签 16、文件系统(支持nginx、http、ftp、tomcat等方式配置) 17、消息通知(通过netty实时推送) 18、quartz定时任务管理 19、@CheckParam自定义检测...
使用 docker 和 fig 一次性启动 norikra、elasticsearch、kibana4、nginx 进行基本身份验证,使用 fluentd 进行日志收集。首次执行fig up时将构建 Dockerfile。如果在此之后对 Dockerfile 进行任何更改,docker 映像...
Elasticsearch设置堆大小 Ansible剧本会自动将堆大小设置为分配给主机的系统总内存的一半。 例如,如果一台计算机具有16GB的内存,则ES堆大小将设置为8GB 。 支持的版本 Graylog v4.0.1 Elastic v7.10 Splunk v...
用水量使用量度HydroShare的ELK堆栈安装和配置文件为Logstash配置Logrotate cp /etc/logrotate.d/nginx /etc/logrotate.d/logstash$ vim /etc/logrotate.d/logstash /var/log/logstash/*log /var/log/logstash/*.err...
由Elasticsearch提供支持的全文本搜索引擎metricstore :PostgreSQL支持,由前端(Grafana)使用,用于存储有关仪表板,数据源和用户的元数据。 frontend :由Grafana提供支持,Grafana是一个动态可视化前端,该...
一个Kibana节点,包括一个本地Elasticsearch客户节点和一个用于HTTP基本身份验证的Nginx Wazuh服务器位于面向Internet的负载均衡器后面,以便代理与群集进行通信 Kibana服务器位于面向Internet的负载均衡器后面,该...
Solr & Elasticsearch | 分布式全文搜索引擎 | [http://lucene.apache.org/solr/](http://lucene.apache.org/solr/) [https://www.elastic.co/](https://www.elastic.co/) Quartz | 作业调度框架 | ...
:在ElasticSearch中读取数据。 :在MongoDB中读取数据。 :在MySQL中读取数据。 :在Microsoft SQL Server中读取数据。 :在PostgreSQL中读取数据。 :在Kafka中读取数据。 :在Redis中读取数据。 :通过...
自动版本控制和CHANGELOG生成(通过 )。 预先配置的VSCode编辑和调试设置。 支持的模板 -每个基于ESNext的应用程序的基础。 具有Docker支持的基于Fastify的API服务器模板。 -MobX + React模板基于具有Docker...