log_format main '$remote_addr [$time_local] "$request" '
'$request_body $status $body_bytes_sent "$http_referer" "$http_user_agent" '
'$request_time $http_x_forwarded_for';
filter {
grok {
match => {
"message" => "%{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" - %{NUMBER:http_status_code} %{NUMBER:bytes} "(?<http_referer>S+)" "(?<http_user_agent>(S+s+)*S+)" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"
}
}
}
{
"message" => " 10.168.102.19 [30/Aug/2016:14:53:05 +0800] "GET /resources/plugins/artDialog/dialog-min.js?v=1&_=1472539986766 HTTP/1.1" - 200 9946 "https://wenjinbao.winfae.com/login.html" "Mozilla/5.0 (Linux; Android 5.1; HUAWEI RIO-UL00 Build/HUAWEIRIO-UL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.2 TBS/036558 Safari/537.36 MicroMessenger/6.3.23.840 NetType/WIFI Language/zh_CN" 0.001 60.181.22.131",
"@version" => "1",
"@timestamp" => "2016-08-30T06:53:27.972Z",
"path" => "/data01/applog_backup/winfae_log/wj-frontend01-access.2016-08-30",
"host" => "dr-mysql01.zjcap.com",
"type" => "wj_frontend_access",
"clientip" => "10.168.102.19",
"time" => "30/Aug/2016:14:53:05 +0800",
"verb" => "GET",
"request" => "/resources/plugins/artDialog/dialog-min.js?v=1&_=1472539986766",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "9946",
"http_referer" => "https://wenjinbao.winfae.com/login.html",
"http_user_agent" => "Mozilla/5.0 (Linux; Android 5.1; HUAWEI RIO-UL00 Build/HUAWEIRIO-UL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.2 TBS/036558 Safari/537.36 MicroMessenger/6.3.23.840 NetType/WIFI Language/zh_CN",
"request_time" => "0.001",
"http_x_forwarded_for" => "60.181.22.131"
}