elk 分析nginx日志

nginx 日志格式化

log_format logJson '{"client_time": "$time_iso8601", "remote_ip": "$remote_addr", "req_time": "$request_time", "request": "$request","ip": "$http_x_forwarded_for","referer":"$http_referer","http_host","$http_host"}';

Logstash 设置

input {

    file {

        path => "/var/log/nginx/*.log"

        type => "nginx"

        codec => "json"

        start_position => "beginning"

        stat_interval => "3"

    }

}

filter {

  if [type] == "nginx" {

    date {

        match => ["client_time", "yyyy-MM-dd HH:mm:ss"]

    }

  }

}

output {

    if [type] == "nginx" {

        elasticsearch {

            hosts => ["localhost"]

            manage_template => false

            index => "nginx-log-%{+YYYY.MM.dd}"

        }

    }

}