Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- input {
- beats {
- port => 5045
- host => "1.0.0.0.1"
- tags => "nginx"
- }
- }
- filter {
- if "nginx" in [tags] {
- grok {
- match => { "message" => '"%{IP:[nginx][access][remote_ip]}" "%{DATA:[nginx][access][user_name]}" "%{HTTPDATE:[nginx][access][time]}" "%{WORD:[nginx][access][method]} %{DATA:[nginx][access][url]} HTTP/%{NUMBER:[nginx][access][http_version]}" "%{NUMBER:[nginx][access][response_code]}" "%{NUMBER:[nginx][access][body_sent][bytes]:int}" "%{DATA:[nginx][access][referrer]}" "%{DATA:[nginx][access][agent]}" "%{WORD:[nginx][access][http_x_forwarded_for]}" "%{NUMBER:[nginx][access][request_time]:int}" "%{NUMBER:[nginx][access][upstream_response_time]:int}" "%{WORD:[nginx][access][upstream_cache_status]}" "%{WORD:[nginx][access][connection]}" "%{WORD:[nginx][access][server_name]}" "%{WORD:[nginx][access][host]}" "%{NUMBER:[nginx][access][gzip_ration]:int}" "%{WORD:[nginx][access][cookie_phpsessid]}" "%{WORD:[nginx][access][geoip_country_code]}" "%{WORD:[nginx][access][user_agent]}:%{WORD:[nginx][access][uri_type]}:%{WORD:[nginx][access][force_version]} %{WORD:[nginx][access][site_version]}"' }
- remove_field => "message"
- }
- mutate {
- add_field => { "read_timestamp" => "%{@timestamp}" }
- }
- date {
- match => [ "[nginx][access][time]", "dd/MMM/YYYY:H:m:s Z" ]
- remove_field => "[nginx][access][time]"
- }
- useragent {
- source => "[nginx][access][agent]"
- target => "[nginx][access][user_agent]"
- remove_field => "[nginx][access][agent]"
- }
- geoip {
- source => "[nginx][access][remote_ip]"
- target => "[nginx][access][geoip]"
- }
- }
- }
- output {
- if "nginx" in [tags] {
- elasticsearch {
- hosts => ["localhost:9200"]
- manage_template => false
- index => "nginx-front-%{+YYYY.MM.dd}"
- document_type => "%{[@metadata][type]}"
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement