logstash收集Nginx日志,转换为JSON格式

Nginx日志处理为JSON格式,并放置在http区块:

log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":"$body_bytes_sent",'
'"responsentime":"$request_time",'
'"referer":"$http_referer",'
'"useragent":"$http_user_agent"'
'}';
access_log logs/access_json.log json;

Nginx日志格式  

 

 

logstash配置文件:

 

input {
file {
path =>"/usr/local/nginx/logs/access_json.log"
codec =>"json"
start_position => "beginning"

}
}

filter{
json {
source => "message"
skip_on_invalid_json => true
}
}
output{


elasticsearch {
hosts =>["172.16.3.160:9200"]
index => "logstash-zabbix-nginx-log-%{+YYYY.MM.dd}"

}
}

logstash配置文件

posted on 2019-11-29 16:32  ExplorerMan  阅读(...)  评论(... 编辑 收藏

导航