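http {
    include mime.types;
    default_type application/octet-stream;

    # Access-log format consumed by the Logstash grok filter further down.
    # The column order here and the grok pattern must be changed together.
    #
    # SECURITY (review): $request_body copies the request body into the access
    # log for every request whose body nginx has buffered in memory (the usual
    # proxy_pass / fastcgi_pass case), and from there into Elasticsearch. On a
    # site with /account/fund/... pages that means login credentials, account
    # and fund form data and anything else users POST, in cleartext, on disk and
    # in the search index. It is also emitted unquoted, so a body containing
    # spaces shifts every later column. Remove it from the production format
    # (or log it only in a dedicated, access-restricted debug location) and
    # update the grok pattern at the same time; it is left in place here only
    # because the pattern below is written against this exact layout.
    #
    # $http_x_forwarded_for is taken verbatim from the request and is
    # client-controlled unless the fronting proxy overwrites it; $remote_addr
    # (10.168.x.x in the second sample line) is the proxy, not the end user.
    log_format main '$remote_addr [$time_local] "$request" '
                    '$request_body $status $body_bytes_sent "$http_referer" "$http_user_agent" '
                    '$request_time $http_x_forwarded_for';

    # Sample lines produced by this format. The lone "-" after the request
    # line is the empty $request_body of a GET; a trailing "-" means no
    # X-Forwarded-For header was present.
    #
    # 121.40.228.39 [01/Sep/2016:11:04:46 +0800] "GET / HTTP/1.1" - 200 20698 "-" "curl/7.44.0" 0.001 -
    # 10.168.255.134 [01/Sep/2016:11:04:48 +0800] "GET /account/fund/fundDetail.html?1472699086917 HTTP/1.1" - 200 3777 "https://wenjinbao.winfae.com/account/myAccount.html" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.108 Safari/537.36 2345Explorer/7.1.0.12633" 0.000 115.226.250.21
}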
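filter {
  # Parses the nginx "main" access-log format into fields. The field order
  # must stay in step with the log_format directive that produces the lines.
  #
  # Notes on the pattern:
  #  - The literal "\-" after the request line is the $request_body column.
  #    Any request that actually carries a body (a POST) therefore fails to
  #    match, is tagged _grokparsefailure, and its raw body is stored
  #    unparsed in "message". The proper fix is to stop logging
  #    $request_body in nginx rather than to widen this pattern.
  #  - X-Forwarded-For may hold a comma-separated chain ("client, proxy1");
  #    a single %{IPORHOST} rejected such lines outright, so the capture now
  #    accepts the whole chain. The header is client-supplied: only the
  #    address appended by your own proxy (the last one) can be trusted, and
  #    the value should not be used as-is for geo-lookups or IP blocking.
  #  - "clientip" is $remote_addr, i.e. the fronting proxy/load balancer when
  #    one is in path (10.168.x.x in the sample), not the end user.
  grok {
    match => {
      "message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \- %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\" (%{BASE16FLOAT:request_time}) ((?<http_x_forwarded_for>%{IPORHOST}(, ?%{IPORHOST})*)|-)"
    }
  }
}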
elasticsearch:
{
"_index": "logstash-wj-frontend-2016.09.01",
"_type": "wj_frontend_access",
"_id": "AVbju8BdiJd39o4dhL8S",
"_version": 1,
"_score": 1,
"_source": {
"message": " 10.168.255.134 [01/Sep/2016:11:14:16 +0800] \"GET /resources/css/productInfo.74752cfb.css?_v=${last.updated} HTTP/1.1\" - 200 20102 \"https://wenjinbao.winfae.com/products/productInfo.html?productSn=634\" \"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36\" 0.001 115.234.131.214",
"@version": "1",
"@timestamp": "2016-09-01T03:14:48.323Z",
"path": "/data01/applog_backup/winfae_log/wj-frontend01-access.2016-09-01",
"host": "dr-mysql01.zjcap.com",
"type": "wj_frontend_access",
"clientip": "10.168.255.134",
"time": "01/Sep/2016:11:14:16 +0800",
"verb": "GET",
"request": "/resources/css/productInfo.74752cfb.css?_v=${last.updated}",
"httpversion": "1.1",
"http_status_code": "200",
"bytes": "20102",
"http_referer": "https://wenjinbao.winfae.com/products/productInfo.html?productSn=634",
"http_user_agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
"request_time": "0.001",
"http_x_forwarded_for": "115.234.131.214"
}
}