nginx日志格式 log_format main '$host ' '$server_addr ' '$remote
nginx日志格式
log_format main '$host ' '$server_addr ' '$remote_addr ' '- ' '"$time_local" ' '$status ' '$body_bytes_sent ' '$request_time ' '"$http_referer" ' '"$request" ' '"$http_user_agent" ' '$pid';安装pattern位置在:/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-4.0.2/patterns创建一个规则nginx
%{HOSTNAME:host} %{IP:resip} %{IP:clientip} - "%{HTTPDATE:timestamp}" %{INT:response} %{INT:body_bytes_sent} %{NUMBER:requesttime:float} %{QS:referrer} %{QS:request} %{QS:agent} %{NUMBER:ngxpid}使用grok debugger进行调试Grok debugger传送门
参考资料:LOGSTASH+ELASTICSEARCH+KIBANA处理NGINX访问日志
