使用logstash分析nginx日志 elasticsearch存储日志 kibana展示日志

1 配置nginx

log_format  main  '$remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" $request_time "$upstream_addr" $upstream_response_time "$http_user_agent" "$http_x_forwarded_for"';
access_log  /var/log/nginx/access.log  main;

配置完成后，启动nginx

# nginx

2 配置logstash

新建一个nginx.conf，内容如下

input {
          file {
                   path => ["/var/log/nginx/access.log"]
                   type => "access"
                   start_position => "beginning"
                         }
}
filter {
    if [type] == "access" {
          grok {
                   match => { "message" => "^%{IPV4:remote_addr} \[%{HTTPDATE:timestamp}\] \"%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}\" %{INT:status} %{INT:body_bytes_sent}