log_format main '$remote_addr [$time_local] "$request" '
'$request_body $status $body_bytes_sent "$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time';
zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat loguat.cof
input {
file {
type => "uat_nginx_access"
path => ["/rsyslog/data/nginx/uat/nginx_access0*_log.*"]
}
}
filter {
grok {
match =>{
"message" => " %{IPORHOST:clientip} [%{HTTPDATE:time}] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" - %{NUMBER:http_status_code} %{NUMBER:bytes} "(?<http_referer>S+)" "(?<http_user_agent>(S+s+)*S+)".*"
}
}
}
output {
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-uat-test"
}
stdout {
codec => rubydebug
}
}
{
"message" => " 121.40.205.143 [29/Aug/2016:17:35:30 +0800] "GET /wechat/hold_history.html HTTP/1.1" - 200 2567 "https://uatest.winfae.com/wechat/account_hold.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69 MicroMessenger/6.3.16 NetType/WIFI Language/zh_CN" 0.000 -",
"@version" => "1",
"@timestamp" => "2016-08-29T09:38:14.182Z",
"path" => "/rsyslog/data/nginx/uat/nginx_access01_log.2016-08-29",
"host" => "0.0.0.0",
"type" => "uat_nginx_access",
"clientip" => "121.40.205.143",
"time" => "29/Aug/2016:17:35:30 +0800",
"verb" => "GET",
"request" => "/wechat/hold_history.html",
"httpversion" => "1.1",
"http_status_code" => "200",
"bytes" => "2567",
"http_referer" => "https://uatest.winfae.com/wechat/account_hold.html",
"http_user_agent" => "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69 MicroMessenger/6.3.16 NetType/WIFI Language/zh_CN"
}