I'm collecting the nginx access log with logstash and wrote a script that ships it to elasticsearch:9200.
The script is as follows:
input {
  file {
    path => "/var/log/nginx/h5-api-access.log"
    start_position => "beginning"
    type => "syslog"          # tag used to select the filter branch below
  }
}
filter {
  if [type] == "syslog" {
    grok {
      # host header, nginx combined format, raw request body, then the quoted
      # X-Forwarded-For chain whose first address becomes true_clientip
      match => [ "message" , "%{HOSTNAME:http_host} %{COMBINEDAPACHELOG} %{DATA:rawrequest} \"(?<x_forwarded_for>%{IP:true_clientip},*.*)\"" ]
      overwrite => [ "message" ]
    }
    mutate {
      convert => ["response", "integer"]
      convert => ["bytes", "integer"]
      convert => ["responsetime", "float"]
      rename => { "clientip" => "reverse-ip" }      # address nginx saw (the proxy)
      rename => { "rawrequest" => "request_body" }
      split => { "x_forwarded_for" => ", " }        # one array element per proxy hop
    }
    geoip {
      source => "true_clientip"   # geolocate the original client, not the proxy
      target => "geoip"
      add_tag => [ "nginx-geoip" ]
    }
    date {
      match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
      timezone => "Etc/GMT-8"     # POSIX sign convention: Etc/GMT-8 is UTC+8
      remove_field => [ "timestamp" ]
    }
    useragent {
      source => "agent"
    }
  }
}
output {
  # if [type] == "syslog" {
  stdout { codec => rubydebug }   # echo every event to the console for debugging
  elasticsearch {
    hosts => ["172.16.16.86:9200"]
    index => "nginx-dog-%{+YYYY.MM.dd}"   # one index per day
  # }
  }
}
As you can see, 172.16.16.86:9200 is my elasticsearch server,
and I can view my log analysis through elasticsearch-head.
But I'm also curious: where on the elasticsearch server are the access logs I sent stored?
I've Googled it, but there doesn't seem to be any relevant information, and searching the likely paths turned up no clues either.
Is something wrong somewhere?
Look in your YAML file; it has the setting you can check:
Configuring Elasticsearch
I see!
Since there is no path entry, I'm now starting to look into what elasticsearch's storage mechanism is (Googling).
https://blog.csdn.net/qq_36381640/article/details/82794310
I'm currently referring to this material, though I still only half understand it.
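As an added example (not code from this thread), covering both the answer's advice to check elasticsearch.yml and the follow-up that no path entry was found: the first function reads path.data and path.logs from the YAML with the tarball defaults applied when a key is missing, and the second reads the same values from the GET /_nodes/settings response of a running node, which is what to trust when the file is silent. The sample YAML, the sample node JSON and the es_home default are constructed assumptions.

```python
"""Find where Elasticsearch keeps the indexed log data on disk."""
import json
import re
from urllib.request import urlopen

# Constructed sample elasticsearch.yml (not from the thread).
SAMPLE_YML = """\
cluster.name: logging
# path.data: /var/lib/elasticsearch
path.data: /data/es   # where index files live
path.logs: /var/log/elasticsearch
"""
# Constructed sample of GET /_nodes/settings, trimmed to the path block.
SAMPLE_NODES = json.dumps({"nodes": {
    "n1": {"name": "es-1", "settings": {"path": {"data": "/data/es"}}},
    "n2": {"name": "es-2", "settings": {"path": {"data": ["/data/a", "/data/b"]}}},
}})

def yml_paths(text, es_home="/usr/share/elasticsearch"):
    """Return path.data (always a list) and path.logs from elasticsearch.yml.
    Comment lines and inline comments are ignored. If a key is absent the
    tarball default <es_home>/data or <es_home>/logs applies; es_home is an
    assumed value (package installs normally set path.data explicitly)."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(path\.(?:data|logs))\s*:\s*(.+)", line)
        if m:
            found[m.group(1)] = m.group(2).strip("\"' ")
    data = found.get("path.data", es_home + "/data")
    return {"path.data": [p.strip() for p in data.split(",")],
            "path.logs": found.get("path.logs", es_home + "/logs")}

def node_data_paths(nodes_settings_json):
    """Map node name -> list of data paths from a GET /_nodes/settings body.
    This is authoritative for a running cluster. Under each path, indices are
    stored by UUID, so map names with GET /_cat/indices?v&h=index,uuid."""
    out = {}
    for node in json.loads(nodes_settings_json)["nodes"].values():
        data = node["settings"]["path"]["data"]
        out[node["name"]] = data if isinstance(data, list) else [data]
    return out

def fetch_node_data_paths(base_url="http://172.16.16.86:9200"):
    """Live lookup against the node named in the post; not called at import."""
    with urlopen(base_url + "/_nodes/settings", timeout=5) as resp:
        return node_data_paths(resp.read().decode())
```

Knowing the real data directory also tells you which filesystem to back up and whose permissions to check, since the indexed log lines are readable to anyone who can read those files.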