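Logstash parsing problem
Anonymous | Posted on 2019-02-25 | Views: 2441
Could some expert please help me parse this log? It's very urgent... Everything that gets parsed out is a mess.
Right now everything I parse comes out wrong.
The nginx log is as follows: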
"22.1221.223.2 -" "2019-02-25T14:12:05+08:00" "GET / HTTP/1.1" "200" "621" "0.002" "0.002" "172.17.83.70:4801" "d73d8829f5654a85af37ef86c64e9931" "-" "https://www.baidu.com/link%3Fu ... ot%3B "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.26 Safari/537.36 Core/1.63.6821.400 QQBrowser/10.3.30000.400"
Is there a mistake in what I wrote?
cat nginx.conf
input {
  file {
    path => ["/search/nginx/log/www.esssedia.com.access.log"]
  }
}
filter {
  grok {
    match => {
      "message" => "\"%{IPV4:remote_addr} ((?<http_x_forwarded_for>\S+)|-)\" \"%{HTTPDATE:nginx_timestamp}\" %{NUMBER:http_status_code} %{BASE10NUM:body_bytes_sent:int} %{BASE16FLOAT:request_time} %{BASE16FLOAT:upstream_response_time} \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" \"(?<http_referer>\S+)\" \"(?<http_user_agent>(\S+\s+)*\S+)\""
    }
  }
}
output {
  elasticsearch {
    hosts => "112.11.81.91:9200"
    index => "www.ewwia.com_%{+YYYY.MM.dd}"
  }
}
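The following is an added example, not code from the original post. It parses a line in the shape of the sample log above, where every field is double-quoted, the timestamp is ISO 8601 and the request comes before the status code, none of which the posted grok pattern expects. The field names `upstream_addr`, `request_id`, `field_10`, `uri`, `protocol` and `remote_addr_valid`, and the sample lines, are assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime

# Field order read off the sample line; the names of fields 8-10 are assumed.
FIELDS = ["client", "nginx_timestamp", "request", "http_status_code",
          "body_bytes_sent", "request_time", "upstream_response_time",
          "upstream_addr", "request_id", "field_10",
          "http_referer", "http_user_agent"]
LINE_RE = re.compile(r'"[^"]*"(?: "[^"]*")*')

# Constructed sample lines in the same shape as the log in the question.
SAMPLE_OK = ('"203.0.113.7 -" "2019-02-25T14:12:05+08:00" "GET / HTTP/1.1" '
             '"200" "621" "0.002" "0.002" "10.0.0.5:8080" '
             '"0123456789abcdef0123456789abcdef" "-" "https://example.com/" '
             '"Mozilla/5.0 (X11; Linux x86_64)"')
SAMPLE_BAD_IP = SAMPLE_OK.replace("203.0.113.7", "22.1221.223.2")

def parse_line(line):
    """Return a dict of typed fields, or None when the line has another shape."""
    line = line.strip()
    if not LINE_RE.fullmatch(line):
        return None
    values = re.findall(r'"([^"]*)"', line)
    if len(values) != len(FIELDS):
        return None
    ev = dict(zip(FIELDS, values))
    # The first quoted field holds "<remote_addr> <http_x_forwarded_for>".
    addr, _, xff = ev.pop("client").partition(" ")
    ev["remote_addr"], ev["http_x_forwarded_for"] = addr, xff
    try:
        ipaddress.ip_address(addr)
        ev["remote_addr_valid"] = True
    except ValueError:
        ev["remote_addr_valid"] = False  # keep the event, flag the field
    try:
        ev["nginx_timestamp"] = datetime.fromisoformat(ev["nginx_timestamp"])
        ev["http_status_code"] = int(ev["http_status_code"])
        ev["body_bytes_sent"] = int(ev["body_bytes_sent"])
        ev["request_time"] = float(ev["request_time"])
    except ValueError:
        return None
    parts = ev["request"].split(" ")
    if len(parts) == 3:
        ev["verb"], ev["uri"], ev["protocol"] = parts
    return ev

if __name__ == "__main__":
    print(parse_line(SAMPLE_OK))
```

A line that returns `None` here is the counterpart of a `_grokparsefailure` event in Logstash; a malformed client address such as `22.1221.223.2` is kept and flagged rather than dropped.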
1 reply
jybbh - post-80s IT guy