zoukankan      html  css  js  c++  java
  • nginx-access.log的logstash解析

    1、nginx的access的格式:

    log_format hehe '$http_host $server_addr $remote_addr [$time_local] "$request" $request_body $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $upstream_addr';

    2、nginx日志

    evo.xinpinget.com 10.1.217.143 6.52.65.86 [22/May/2018:15:10:46 +0800] "GET /api/merchant/listForSelection?filterByUserSelector=true&token=1cmqfl2RiO9BV9xIU8F3LG1I HTTP/1.1" - 200 268 "http://evo.xinpinget.com/order/newAfterSales" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36 QQBrowser/4.1.4132.400" 0.021 0.021 10.1.132.201:4010

    3、logstash

    patterns:

    # cat nginx

    HOSTPORT1 (%{IPV4}:%{POSINT}[, ]{0,2})+
    NGINXACCESS1 %{IPORHOST:http_host} %{IPORHOST:server_addr} %{IPORHOST:remote_addr} [%{HTTPDATE:time_local}] "%{WORD:method} %{URIPATH:uri}?%{NOTSPACE:params} HTTP/%{NUMBER:http_version}" %{DATA:request_body|-} %{INT:status} %{INT:body_bytes_sent} %{QS:http_referer} %{QS:http_user_agent} (%{NUMBER:request_time:float}|-) (%{NUMBER:upstream_response_time:float}|-) %{HOSTPORT1:upstream_addr}

    logstash.conf

    filter { 
     if 'api' in [tags] {
                      grok {
                        patterns_dir => "/etc/logstash/patters.d"
                        match => { "message" => "%{NGINXACCESS1}" }
                      }
                      kv {
                    source => "params"
                    field_split => "&?"
                    value_split => "="
                    include_keys => [ "token","user" ]
          }
            }
    }
  • 相关阅读:
    Leetcode 191.位1的个数 By Python
    反向传播的推导
    Leetcode 268.缺失数字 By Python
    Leetcode 326.3的幂 By Python
    Leetcode 28.实现strStr() By Python
    Leetcode 7.反转整数 By Python
    Leetcode 125.验证回文串 By Python
    Leetcode 1.两数之和 By Python
    Hdoj 1008.Elevator 题解
    TZOJ 车辆拥挤相互往里走
  • 原文地址:https://www.cnblogs.com/cuishuai/p/9072963.html
Copyright © 2011-2022 走看看