借一张图:
搭建版本为:
Elasticsearch:1.5.2
Logstash:1.4.2
Kibana:4.0.2
Shipper节点配置如下:
input {
file {
path => "/var/log/nginx/*_access.log"
}
}
filter {
if [path] =~ "access" {
mutate { replace => { "type" => "nginx_access" } }
grok {
match => { "message" => "%{IPORHOST:clientip} [%{HTTPDATE:timestamp}] "(?:%{WORD:method} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:timeconsumer}" }
}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
redis {
data_type => "list"
host => “xxx"
password => “xxx"
key => “xxx"
}
}
Indexer配置如下:
input {
redis {
data_type => "list"
host => localhost
password => “xxx"
key => “xxx"
}
}
output {
elasticsearch {
host => localhost
codec => "json"
}
}