filebeat7.3+logstash7.3 收集nginx日志无法获取客户端浏览器和操作系统相关信息

Logstash | 作者 yoling1985 | 发布于2019年08月26日 | 阅读数：2634

nginx配置内容：

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'"$upstream_addr"' '"$upstream_http_host"'
'"$upstream_response_time"' '"$request_time"';

access_log logs/access.log main;

logstash配置：
grok {
match => {"message" => "%{HTTPD_COMMONLOG} %{QS:referrer} %{QS:agent}" }
overwrite => [ "message"]
}
mutate {
convert => ["response","integer"]
convert => ["bytes","integer"]
convert => ["responsetime","float"]
}
geoip {
source => "clientip"
target => "geoip"
database => "/etc/logstash/GeoLite2-City.mmdb"
add_field => ["[geoip][coordinates]","%{[geoip][longitude]}"]
add_field => ["[geoip][coordinates]","%{[geoip][latitude]}"]
}
date {
match => [ "timestamp","dd/MMM/YYYY:HH:mm:ss Z"]
remove_field => [ "timestamp"]
}
useragent {
source=>"agent"
target =>"userAgent"
}

日志输出：

1 个回复

yoling1985

grok {
match => {"message" => "%{HTTPD_COMMONLOG} %{QS:referrer} %{QS:browser}"}
overwrite => [ "message"]
}
mutate {
convert => ["response","integer"]
convert => ["bytes","integer"]
convert => ["responsetime","float"]
}
geoip {
source => "clientip"
target => "geoip"
database => "/etc/logstash/GeoLite2-City.mmdb"
add_field => ["[geoip][coordinates]","%{[geoip][longitude]}"]
add_field => ["[geoip][coordinates]","%{[geoip][latitude]}"]
}
date {
match => [ "timestamp","dd/MMM/YYYY:HH:mm:ss Z"]
remove_field => [ "timestamp"]
}
if ([agent]) {
useragent {
source => "browser"
target => "os"
remove_field => "browser"
}
}

要回复问题请先登录或注册

filebeat7.3+logstash7.3 收集nginx日志无法获取客户端浏览器和操作系统相关信息

1 个回复

发起人

相关问题

问题状态

filebeat7.3+logstash7.3 收集nginx日志无法获取客户端浏览器和操作系统相关信息

与内容相关的链接

1 个回复

发起人

相关问题

问题状态