filter {
grok {
match => {
"message" => "%{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" - %{NUMBER:http_status_code} %{NUMBER:bytes} "(?<http_referer>S+)" "(?<http_user_agent>(S+s+)*S+)" (%{BASE16FLOAT:request_time}) (%{IPORHOST:http_x_forwarded_for}|-)"
}
}
geoip {
source => "http_x_forwarded_for"
add_tag => [ "geoip" ]
# database => "/var/geoip/GeoLiteCity.dat" 不是必须
}
}
{
"message" => " 10.168.255.134 [01/Sep/2016:17:40:09 +0800] "GET /resources/js/index.js?v=20160629 HTTP/1.1" - 200 8249 "https://wenjinbao.winfae.com/" "Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36" 0.001 115.234.131.214",
"@version" => "1",
"@timestamp" => "2016-09-01T09:41:45.430Z",
"path" => "/data01/applog_backup/winfae_log/wj-frontend02-access.2016-09-01",
"host" => "dr-mysql01.zjcap.com",
"type" => "wj_frontend_access",
"clientip" => "10.168.255.134",
"time" => "01/Sep/2016:17:40:09 +0800",
"verb" => "GET",
"request" => "/resources/js/index.js?v=20160629",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "8249",
"http_referer" => "https://wenjinbao.winfae.com/",
"http_user_agent" => "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
"request_time" => "0.001",
"http_x_forwarded_for" => "115.234.131.214",
"geoip" => {
"ip" => "115.234.131.214",
"country_code2" => "CN",
"country_code3" => "CHN",
"country_name" => "China",
"continent_code" => "AS",
"region_name" => "02",
"city_name" => "Wenzhou",
"latitude" => 27.99940000000001,
"longitude" => 120.66680000000002,
"timezone" => "Asia/Shanghai",
"real_region_name" => "Zhejiang",
"location" => [
[0] 120.66680000000002,
[1] 27.99940000000001
]
},
"tags" => [
[0] "geoip"
]