你的浏览器禁用了JavaScript, 请开启后刷新浏览器获得更好的体验!
输入关键字进行搜索
搜索:
没有找到相关结果
medcl - 今晚打老虎。
赞同来自:
yokv
input { beats { codec => "json" port => "5044" } } filter { if "nginx-access" in [tags] { useragent { target => "userAgent" source => "useragent" } geoip { source => "forwarded" target => "geoip" } } else if "application-log" in [tags] { } } output { if "nginx-access" in [tags] { elasticsearch { hosts => ["xx:9200"] index => "logstash-nginx-%{+YYYY.MM.dd}" } } else if "application-log" in [tags] { elasticsearch { hosts => ["xx:9200"] index => "logstash-application-log-%{+YYYY.MM.dd}" } } }
{ "@timestamp": "2018-04-28T16:26:04+08:00", "@version": "1", "host": "192.168.3.20", "request": "POST /xxxx HTTP/1.1", "client": "192.168.3.1", "size": "595", "responsetime": "1.765", "domain": "", "url": "", "referer": "", "useragent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", "status": "200", "forwarded": "-", "cookie": "JSESSIONID=88121A21256AE973B5902357C58B4006; language=zh_CN" }
zqc0512 - andy zhou
要回复问题请先登录或注册
4 个回复
medcl - 今晚打老虎。
赞同来自:
yokv
赞同来自:
版本都是6.2.4
nginx日志数据格式
yokv
赞同来自:
日志文件中记录和ES中的时间@timestap不一致
zqc0512 - andy zhou
赞同来自: