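# JSON access-log format.
# escape=json (nginx >= 1.11.8) makes nginx JSON-escape every variable value.
# Without it, client-supplied values such as the User-Agent, Referer,
# X-Forwarded-For header or the request line are written with nginx's default
# \xXX escaping, which is not valid JSON: a single request containing a quote
# or backslash produces a line the downstream JSON parser rejects.
log_format json escape=json '{"@timestamp":"$time_iso8601",'
                '"host":"$server_addr",'
                '"clientip":"$remote_addr",'
                '"remote_user":"$remote_user",'
                '"request":"$request",'
                '"http_user_agent":"$http_user_agent",'
                # size and responsetime are emitted unquoted, as JSON numbers.
                '"size":$body_bytes_sent,'
                '"responsetime":$request_time,'
                # Kept as strings: the upstream variables can hold "-" or a
                # comma-separated list when several upstreams were tried.
                '"upstreamtime":"$upstream_response_time",'
                '"upstreamhost":"$upstream_addr",'
                '"http_host":"$host",'
                '"url":"$uri",'
                '"domain":"$host",'
                # xff and referer are request headers set by the client; treat
                # them as untrusted when the logs are used for investigation.
                '"xff":"$http_x_forwarded_for",'
                '"referer":"$http_referer",'
                '"status":"$status"}';
# Use the JSON format for the access log.
# $server_name is taken from the server block, not from the request, so the
# client cannot influence the file name. Do not replace it with $host, which
# is derived from the client-supplied Host header.
access_log logs/$server_name.access.log json;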
编辑filebeat.yml配置文件
vim filebeat.yml
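# Nesting restored: the flattened listing does not parse into the intended
# structure (paths/fields belong to the prospector, hosts to output.logstash).
filebeat.prospectors:
  - input_type: log
    paths:
      # NOTE(review): these logs live under /root, so Filebeat needs read
      # access to root's home directory. Consider a dedicated log directory
      # readable by an unprivileged Filebeat user instead.
      - /root/svr/nginx/logs/access.log
      - /root/svr/nginx/logs/*.access.log
    # Custom fields attached to every event from this prospector.
    fields:
      logIndex: nginx
      docType: nginx-access
    # Place the custom fields at the top level of the event rather than
    # under a "fields" sub-object.
    fields_under_root: true

# Ship events to Logstash.
output.logstash:
  # The Logstash hosts
  # Plain-text Beats traffic is acceptable here only because the target is
  # localhost. For a remote Logstash, enable TLS on this output
  # (ssl.certificate_authorities and related ssl.* settings) and on the
  # Logstash beats input.
  hosts: ["localhost:5044"]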
编辑beats.conf
vim beats.conf
在beats.conf 中添加以下内容:
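input {
  beats {
    # The beats input listens on 0.0.0.0 by default and performs no
    # authentication. The only shipper configured on this page is the local
    # Filebeat (hosts: ["localhost:5044"]), so bind to loopback. If remote
    # shippers are added later, widen this and enable TLS on the input.
    host => "127.0.0.1"
    port => 5044
    # Decode each shipped line as JSON (the nginx log_format emits one JSON
    # object per line).
    codec => json
  }
}
filter {
  mutate {
    # Drop fields that Filebeat adds automatically.
    # NOTE(review): removing "tags" also discards the _jsonparsefailure tag
    # the json codec sets on lines it could not decode, so malformed or
    # tampered log lines can no longer be told apart downstream. Consider
    # routing tagged events elsewhere before removing the field.
    remove_field => ["tags", "beat"]
  }
}
output {
  # Debug output: print every event to the console to verify the pipeline.
  stdout {
    codec => rubydebug
  }
}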
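input {
  beats {
    # The beats input listens on 0.0.0.0 by default and performs no
    # authentication. The only shipper configured on this page is the local
    # Filebeat (hosts: ["localhost:5044"]), so bind to loopback. If remote
    # shippers are added later, widen this and enable TLS on the input.
    host => "127.0.0.1"
    port => 5044
    # Decode each shipped line as JSON.
    codec => json
  }
}
filter {
  mutate {
    # Drop fields that Filebeat adds automatically.
    # NOTE(review): removing "tags" also discards the _jsonparsefailure tag
    # the json codec sets on lines it could not decode; check for it before
    # this step if parse failures need to be detected.
    remove_field => ["tags", "beat"]
  }
}
output {
  elasticsearch {
    # NOTE(review): this sends events over plain HTTP with no credentials.
    # If the cluster has security enabled, or the traffic crosses an
    # untrusted network, configure the plugin's ssl and user/password
    # options and restrict access to port 9200.
    hosts => ["10.1.5.66:9200"]
    # The index name is built from the event's "type" field.
    # NOTE(review): the Filebeat config on this page sets logIndex/docType,
    # not type; confirm which field is intended. Any field used here should
    # come from the shipper config, never from request data in the log line.
    index => "logstash-%{type}-%{+YYYY.MM.dd}"
    document_type => "%{type}"
  }
# Closing brace of the output section, missing from the original listing.
}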