logstash收集Nginx日誌,轉換為JSON格式
阿新 • • 發佈:2018-12-19
Nginx日誌處理為JSON格式,並放置在http區塊:
1 log_format json '{"@timestamp":"$time_iso8601",' 2 '"@version":"1",' 3 '"client":"$remote_addr",' 4 '"url":"$uri",' 5 '"status":"$status",' 6 'Nginx日誌格式"domain":"$host",' 7 '"host":"$server_addr",' 8 '"size":"$body_bytes_sent",' 9 '"responsentime":"$request_time",' 10 '"referer":"$http_referer",' 11 '"useragent":"$http_user_agent"' 12 '}'; 13 access_log logs/access_json.log json;
logstash配置檔案:
1 input { 2 file { 3 path =>"/usr/local/nginx/logs/access_json.log" 4 codec =>"json" 5 start_position => "beginning" 6 7 } 8 } 9 10 filter{ 11 json { 12 source => "logstash配置檔案message" 13 skip_on_invalid_json => true 14 } 15 } 16 output{ 17 18 19 elasticsearch { 20 hosts =>["172.16.3.160:9200"] 21 index => "logstash-zabbix-nginx-log-%{+YYYY.MM.dd}" 22 23 } 24 }