# Elasticserch Nginx Logs

Dashboard

Browse, analyze logs in Elasticsearchstatus_codes, pie-chart, top 10 clientip, line-chart,word-map and etc...
Last updated: a month ago

Downloads: 461

  • 6e9a4d0bgy1fivq67upnpj21ge0l7jy4.jpg
    6e9a4d0bgy1fivq67upnpj21ge0l7jy4.jpg
  • 6e9a4d0bgy1fivq4nkvnlj21gk182k2a.jpg
    6e9a4d0bgy1fivq4nkvnlj21gk182k2a.jpg

ELK 5.X

nginx access log format

log_format main   '{"@timestamp":"$time_iso8601",'
                        '"@source":"$server_addr",'
                        '"hostname":"$hostname",'
                        '"ip":"$http_x_forwarded_for",'
                        '"client":"$remote_addr",'
                        '"request_method":"$request_method",'
                        '"scheme":"$scheme",'
                        '"domain":"$server_name",'
                        '"referer":"$http_referer",'
                        '"request":"$request_uri",'
                        '"args":"$args",'
                        '"size":$body_bytes_sent,'
                        '"status": $status,'
                        '"responsetime":$request_time,'
                        '"upstreamtime":"$upstream_response_time",'
                        '"upstreamaddr":"$upstream_addr",'
                        '"http_user_agent":"$http_user_agent",'
                        '"https":"$https"'
                        '}';

Logstash nginx_access.conf

input {
    file {
        #这里根据自己日志命名使用正则匹配所有域名访问日志
        path => [ "/usr/local/nginx/logs/*_access.log" ]
        ignore_older => 0
    codec => json
    }
}

filter {
    mutate {
      convert => [ "status","integer" ]
      convert => [ "size","integer" ]
      convert => [ "upstreatime","float" ]
      remove_field => "message"
    }
    geoip {
        source => "ip"
    }


}
output {
    elasticsearch {
        hosts => "127.0.0.1:9200"
        index => "logstash-nginx-access-%{+YYYY.MM.dd}"
    }
#    stdout {codec => rubydebug}
}