kibana 分析 nginx

# Read events from standard input, one log line per event. This suits replaying
# an existing nginx access log through the pipeline for a one-off analysis.
input {
  stdin {}
}
 
filter {
  # Split one nginx access-log line into [nginx][access][...] fields.
  # user_name, url, referrer and agent are copied straight from the client's
  # request, so treat them as untrusted text in dashboards and alert rules.
  # remove_field is applied only when the pattern matches: a line that does not
  # match keeps "message" and receives grok's default _grokparsefailure tag,
  # which is a convenient way to find malformed requests afterwards.
  # NOTE(review): once a line parses, the raw text is no longer stored; keep the
  # original log file if the exact line may be needed as evidence.
  grok {
    match => {
      "message" => [
        "%{IPORHOST:[nginx][access][remote_ip]} - %{DATA:[nginx][access][user_name]} \[%{HTTPDATE:[nginx][access][time]}\] \"%{WORD:[nginx][access][method]} %{DATA:[nginx][access][url]} HTTP/%{NUMBER:[nginx][access][http_version]}\" %{NUMBER:[nginx][access][response_code]} %{NUMBER:[nginx][access][body_sent][bytes]} \"%{DATA:[nginx][access][referrer]}\" \"%{DATA:[nginx][access][agent]}\""
      ]
    }
    remove_field => ["message"]
  }

  # Save the time Logstash read the event before the date filter below
  # replaces @timestamp with the time recorded in the log line.
  mutate {
    add_field => { "read_timestamp" => "%{@timestamp}" }
  }

  # Parse the nginx request time into @timestamp (the date filter's default
  # target) and drop the string field once it has been parsed.
  date {
    match        => [ "[nginx][access][time]", "dd/MMM/YYYY:H:m:s Z" ]
    remove_field => ["[nginx][access][time]"]
  }

  # Break the User-Agent header into structured fields under
  # [nginx][access][user_agent], then drop the source field.
  # NOTE(review): depending on the plugin version and its ECS setting, the raw
  # header string may no longer be stored after this step. Confirm that before
  # relying on exact-string matches against unusual or scripted clients.
  useragent {
    source       => "[nginx][access][agent]"
    target       => "[nginx][access][user_agent]"
    remove_field => ["[nginx][access][agent]"]
  }

  # Store the response size as an integer so it can be summed and averaged.
  # response_code is not converted here and stays a string as captured by grok.
  mutate {
    convert => { "[nginx][access][body_sent][bytes]" => "integer" }
  }
}
 
# Index the parsed events into Elasticsearch on this host, one index per day.
# The date in the index name is taken from the event's @timestamp.
# NOTE(review): no user, password or TLS settings are given, so this only works
# against a node that accepts unauthenticated HTTP. With security enabled on the
# cluster, the output needs credentials and TLS options of its own.
output {
  elasticsearch {
    hosts => ["localhost"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

  

 

 

 

时间轴


        .es(index=logstash*, timefield='@timestamp', q=nginx.access.response_code:200).label('OK'), .es(index=logstash*, timefield='@timestamp', q=nginx.access.response_code:404).label('Page Not Found')
    