  • logstash grok 解析Nginx

    # Access-log layout; the Logstash grok pattern further down must mirror it
    # field by field, in the same order and with the same literal punctuation.
    # NOTE(review): $request_body can write request payloads into the access
    # log, so passwords, session tokens or personal data submitted by clients
    # may end up in the log files and in every system that indexes them.
    # Drop the field, or restrict who can read the logs and the index.
    # $request, $http_referer and $http_user_agent are client-supplied and
    # should be treated as untrusted text by anything that parses or displays them.
    log_format  main  '$remote_addr [$time_local] "$request" '
                          '$request_body $status $body_bytes_sent "$http_referer" "$http_user_agent" '
                          '$request_time $upstream_response_time';
    
    zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat loguat.cof 
    # Read the UAT nginx access logs that rsyslog collects on this host.
    input {
        file {
            # Glob over the per-server, per-day log files (e.g. nginx_access01_log.<date>).
            path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]
            # Stamped on every event as the "type" field.
            type => "uat_nginx_access"
        }
    }
    
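    # Split each nginx access-log line into named fields.
    filter {
        # Regex metacharacters and the inner double quotes have to be escaped:
        # unescaped, "[...]" is a character class, an inner quote ends the config
        # string, and "S+" / "s+" match the literal letters instead of the
        # \S / \s classes. With the escapes in place the pattern yields the
        # clientip/time/verb/request/... fields shown in the sample event.
        #
        # The literal " - " stands in for $request_body, so only requests logged
        # without a body match. Lines that do not match are still indexed, just
        # without parsed fields and tagged _grokparsefailure; monitor that tag,
        # otherwise requests with bodies silently drop out of searches and alerts.
        #
        # http_referer and http_user_agent are client-controlled values; treat
        # them as untrusted wherever they are rendered or queried.
        # The trailing ".*" discards $request_time and $upstream_response_time.
        grok {
            match => {
                "message" => " %{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" - %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\".*"
            }
        }
    }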
    
    # Ship parsed events to Elasticsearch and echo them to the console.
    output {
        # NOTE(review): this block configures no credentials and no TLS for the
        # Elasticsearch connection. The indexed events contain client IPs, URLs
        # and referers, so limit network access to port 9200 and enable
        # authentication/TLS if the deployed stack supports it.
        # The index name is a fixed string, so all events accumulate in one
        # index; retention has to be handled separately.
        elasticsearch {
            hosts => "192.168.32.80:9200"
            index => "logstash-uat-test"
        }
        # Debug aid: prints every event in full. Remove it outside of testing so
        # log content is not duplicated into the Logstash process output.
        stdout {
            codec => rubydebug
        }
    }
    {
                 "message" => " 121.40.205.143 [29/Aug/2016:17:35:30 +0800] "GET /wechat/hold_history.html HTTP/1.1" - 200 2567 "https://uatest.winfae.com/wechat/account_hold.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69 MicroMessenger/6.3.16 NetType/WIFI Language/zh_CN" 0.000 -",
                "@version" => "1",
              "@timestamp" => "2016-08-29T09:38:14.182Z",
                    "path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-29",
                    "host" => "0.0.0.0",
                    "type" => "uat_nginx_access",
                "clientip" => "121.40.205.143",
                    "time" => "29/Aug/2016:17:35:30 +0800",
                    "verb" => "GET",
                 "request" => "/wechat/hold_history.html",
             "httpversion" => "1.1",
        "http_status_code" => "200",
                   "bytes" => "2567",
            "http_referer" => "https://uatest.winfae.com/wechat/account_hold.html",
         "http_user_agent" => "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69 MicroMessenger/6.3.16 NetType/WIFI Language/zh_CN"
    }

  • 原文地址:https://www.cnblogs.com/zhaoyangjian724/p/6199287.html