• Fully splitting nginx access logs into fields


    10.168.255.134 [09/Oct/2016:15:28:52 +0800] "GET / HTTP/1.1" - 200 23388 "" "Mozilla/5.0 (Linux; U; Android 4.4.4; zh-cn; MX4 Pro Build/KTU84P) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" 0.001 101.226.125.103

    filter {
        grok {
            # Patterns are tried in order; the first one that matches wins.
            match => {
                "message" => [
                    "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request}?.* HTTP/%{NUMBER:httpversion}\" - %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

                    # Sample: 10.168.102.19 [09/Oct/2016:22:21:05 +0800] "GET /account/dashBoard.html?1476022868809 HTTP/1.1" - 200 17670 "https://wenjinbao.winfae.com/account/myAccount.html" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" 0.000 112.14.113.84

                    "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" - %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)",

                    # Sample: 10.168.255.134 [09/Oct/2016:22:19:10 +0800] "GET /resources/plugins/My97DatePicker/skin/datePicker.gif HTTP/1.1" - 200 1043 "https://wenjinbao.winfae.com/resources/plugins/My97DatePicker/skin/WdatePicker.css" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" 0.000 101.229.206.131

                    "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} (?<http_url>\S+)\s+HTTP/%{NUMBER:httpversion}\"\s+-\s+%{NUMBER:http_status_code}\s+%{NUMBER:bytes}\s+\"-\"\s+\"(?<http_user_agent>(\S+))\"\s+(%{BASE16FLOAT:request_time})\s+(%{IPORHOST:http_x_forwarded_for}|-)"

                    # Sample: 80.82.78.38 [23/Sep/2016:05:36:18 +0800] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" - 404 162 "-" "Mozilla" 0.000 -
                ]
            }
        }
    }
    
      
    
    
    Found a new record that needs its own pattern (the referer field is an empty ""):
    10.168.255.134 [09/Oct/2016:15:28:52 +0800] "GET / HTTP/1.1" - 200 23388 "" "Mozilla/5.0 (Linux; U; Android 4.4.4; zh-cn; MX4 Pro Build/KTU84P) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" 0.001 101.226.125.103

    %{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" - %{NUMBER:http_status_code} %{NUMBER:bytes} \"\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)
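
Added example (not part of the original post): instead of one grok pattern per log variant, a single anchored expression with `[^"]*` for the quoted fields parses all four sample lines above, including the empty referer and the request that carries a full URL. It is a Python translation that uses simplified stand-ins for the grok patterns; the names `parse` and `is_absolute_uri_request` are assumptions of this example.

```python
import re

# Simplified stand-ins for IPORHOST/HTTPDATE/NUMBER (assumption: these are not
# Logstash's full definitions). Anchored with ^...$ so a line that does not fit
# fails outright instead of matching partially.
# Quoted fields use [^"]* so "", "-" and multi-word values all match;
# nginx's default log escaping writes a " inside a logged variable as \x22.
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<request>\S+) HTTP/(?P<httpversion>[\d.]+)" - '
    r'(?P<http_status_code>\d{3}) (?P<bytes>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'(?P<request_time>[\d.]+) (?P<http_x_forwarded_for>\S+)$'
)

# The four sample lines from this page, verbatim.
SAMPLES = [
    r'10.168.255.134 [09/Oct/2016:15:28:52 +0800] "GET / HTTP/1.1" - 200 23388 "" "Mozilla/5.0 (Linux; U; Android 4.4.4; zh-cn; MX4 Pro Build/KTU84P) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" 0.001 101.226.125.103',
    r'10.168.102.19 [09/Oct/2016:22:21:05 +0800] "GET /account/dashBoard.html?1476022868809 HTTP/1.1" - 200 17670 "https://wenjinbao.winfae.com/account/myAccount.html" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" 0.000 112.14.113.84',
    r'10.168.255.134 [09/Oct/2016:22:19:10 +0800] "GET /resources/plugins/My97DatePicker/skin/datePicker.gif HTTP/1.1" - 200 1043 "https://wenjinbao.winfae.com/resources/plugins/My97DatePicker/skin/WdatePicker.css" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" 0.000 101.229.206.131',
    r'80.82.78.38 [23/Sep/2016:05:36:18 +0800] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" - 404 162 "-" "Mozilla" 0.000 -',
]


def parse(line):
    """Return the named fields as a dict, or None when the line does not fit."""
    m = ACCESS_RE.match(line.strip())
    return m.groupdict() if m else None


def is_absolute_uri_request(fields):
    """True when the request target is a full URL (the form sent to a proxy)."""
    return re.match(r'[a-z][a-z0-9+.-]*://', fields["request"], re.I) is not None


if __name__ == "__main__":
    for line in SAMPLES:
        f = parse(line)
        flag = " [absolute URI]" if is_absolute_uri_request(f) else ""
        print(f["clientip"], f["http_status_code"], repr(f["http_referer"]), f["request"] + flag)
```

On a server that is not meant to act as a forward proxy, lines flagged by `is_absolute_uri_request` are worth routing to their own field or tag for review.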


    
    
    
    
    
                                        
    
  • Original article: https://www.cnblogs.com/hzcya1995/p/13350290.html