logstash 处理nginx 访问日志
2024-09-13 07:55:16
[root@dr-mysql01 frontend]# cat logstash_frontend.conf
input {
file {
type => "zj_frontend_access"
path => ["/data01/applog_backup/zjzc_log/zj-frontend0*access*"]
} file {
type => "wj_frontend_access"
path => ["/data01/applog_backup/winfae_log/wj-frontend0*access*"]
} }
filter {
grok {
match => {
"message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""
}
}
} output {
if [type] == "zj_frontend_access" {
redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_frontend_access:redis"
port=>"6379"
password => "1234567"
}
}
else if [type] == "wj_frontend_access"{
redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_frontend_access:redis"
port=>"6379"
password => "1234567"
}
}
} [root@dr-mysql01 frontend]# cat logstash_indexer.conf
input { redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_frontend_access:redis"
password => "1234567"
port =>"6379"
} redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_frontend_access:redis"
password => "1234567"
port =>"6379"
} }
output {
if [type] == "zj_frontend_access"{
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-zjzc-frontend-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
else if [type] == "wj_frontend_access"{
elasticsearch {
hosts => "192.168.32.81:9200"
index => "logstash-wj-frontend-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
} } }
最新文章
- CSS media queries
- Windows 7 与 Vmware Ubuntu 15.10_64 共享文件夹
- Syntax highlighter for CKEditor
- 关于部分应用无法向POJ提交代码的解决方案
- kubernetes多节点部署的决心
- AtomicInteger的用法
- DotNetCore跨平台~Json动态序列化属性
- 强力推荐各位攻城狮查看,收藏IT职业技能图谱(全套13张)
- 第二章 Linux目录学习
- 《Linux就该这么学》第十七天课程
- ionic3 git 提交报错
- 【javascript】js 获取 url 后的参数值
- jackson 转换 enum 类型
- Xpath同时选取不同属性的元素
- Shell 学习笔记之函数
- (LeetCode 203)Remove Linked List Elements
- POJ 3006 Dirichlet&#39;s Theorem on Arithmetic Progressions (素数)
- 如何升级到python3版本并且安装pip3
- css选择器星号(*)
- corethink功能模块探索开发(六)让这个模块在前台显示