Nginx日志处理为JSON格式,并放置在http区块:nginx
log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":"$body_bytes_sent",'
'"responsentime":"$request_time",'
'"referer":"$http_referer",'
'"useragent":"$http_user_agent"'
'}';
access_log logs/access_json.log json;json
Nginx日志格式 dom
logstash配置文件:elasticsearch
input {
file {
path =>"/usr/local/nginx/logs/access_json.log"
codec =>"json"
start_position => "beginning"url
}
}日志
filter{
json {
source => "message"
skip_on_invalid_json => true
}
}
output{code
elasticsearch {
hosts =>["172.16.3.160:9200"]
index => "logstash-zabbix-nginx-log-%{+YYYY.MM.dd}"orm
}
}server
logstash配置文件blog