Elasticsearch Nginx Logs(beta-1)

Dashboard

Browse and analyze Nginx access logs stored in Elasticsearch.
Last updated: 6 months ago



    嗯...

    Collector Configuration Details

    nginx.conf

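        # JSON access-log format read by the Filebeat -> Logstash -> Elasticsearch pipeline.
        #
        # Escaping: many of these values are client-controlled ($request, $request_uri,
        # $http_referer, $http_user_agent, $http_x_forwarded_for, $http_origin, $remote_user).
        # With no escape= parameter nginx uses its default escaping, which writes quotes,
        # backslashes and control bytes as \xXX. That keeps a client from breaking out of a
        # field, but \xXX is not valid JSON, so the Logstash side has to rewrite it before
        # parsing. nginx 1.11.8+ also accepts `log_format json escape=json ...`; if you
        # switch to it, remove the "\x" gsub on the Logstash side rather than combining both.
        #
        # Sensitive data: "request_line" and "request_url" include the query string, so any
        # token passed in a URL ends up in the index. The "http_cookie" key is kept for
        # schema compatibility but is a constant "-": the original referenced the misspelled
        # $http_cooke, which only ever produced "-". Do not change it to $http_cookie
        # without deciding that session cookies may be stored in Elasticsearch; prefer a
        # single non-secret $cookie_NAME if a cookie value is really needed.
        #
        # Attribution: "client_ip" is $remote_addr, i.e. the directly connected peer. The
        # X-Forwarded-For fields are supplied by the client or upstream proxies and should
        # not be trusted on their own.
        log_format json  '{"@timestamp":"$time_iso8601",'
                         '"server_host":"$server_addr",'
                         '"server_name":"$server_name",'
                         '"server_port":"$server_port",'
                         '"server_protocol":"$server_protocol",'
                         '"client_ip":"$remote_addr",'
                         '"client_user":"$remote_user",'
                         '"request_line":"$request",'
                         '"status":"$status",'
                         '"request_method": "$request_method",'
                         '"send_client_body_size":"$body_bytes_sent",'
                         '"send_client_size":"$bytes_sent",'
                         '"request_length":"$request_length",'
                         '"request_time":"$request_time",'
                         '"upstream_time":"$upstream_response_time",'
                         '"upstream_host":"$upstream_addr",'
                         '"http_host":"$host",'
                         '"request_url":"$request_uri",'
                         '"http_x_forward":"$http_x_forwarded_for",'
                         '"proxy_add_x_forward":"$proxy_add_x_forwarded_for",'
                         '"http_referer":"$http_referer",'
                         '"user_agent":"$http_user_agent",'
                         '"http_upgrade":"$http_upgrade",'
                         '"http_cookie":"-",'
                         '"gzip_ratio":"$gzip_ratio",'
                         '"pipeline":"$pipe",'
                         '"connection_requests":"$connection_requests",'
                         '"connection_number":"$connection",'
                         '"http_origin":"$http_origin",'
                         '"http_x_forwarded_proto":"$http_x_forwarded_proto",'
                         '"http_scheme":"$scheme"}';

        # Write the access log in the JSON format defined above.
        access_log /var/log/nginx/access.log json;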
    
    

    filebeat.docker.yml

    # Collect Docker container logs and forward them to Logstash.
    #
    # Scope: ids '*' matches every container on the host, not only nginx. Logstash
    # indexes only events whose container name is "nginx", but the logs of all other
    # containers are still shipped to it. Narrow the selection if those logs may
    # contain secrets.
    # NOTE(review): a docker input for '*' plus hints-based docker autodiscover may
    # read the same container logs twice -- confirm that only one is needed.
    filebeat.inputs:
      - type: docker
        enabled: true
        containers:
          ids: ['*']
        processors:
          # Attach container name/image/labels to each event.
          - add_docker_metadata: ~

    filebeat.autodiscover:
      providers:
        - type: docker
          hints:
            enabled: true

    # No TLS settings are given here, so events travel to Logstash unencrypted and
    # the Logstash endpoint is not verified. Keep this link on a private network or
    # configure TLS on both ends.
    output.logstash:
      hosts: ["logstash:5044"]
    

    logstash.conf

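    # Receive events from Filebeat, parse nginx JSON access-log lines, enrich them
    # and index them into Elasticsearch.
    input {
      # As written, this listener accepts unencrypted, unauthenticated Beats
      # connections from any host that can reach port 5044. Restrict network access
      # to it or enable TLS on the beats input.
      beats {
        port => 5044
      }
    }


    filter {
      if [container][name] == "nginx" {
        mutate {
            # nginx's default log escaping writes quotes, backslashes and control
            # bytes as \xXX, which the json filter rejects. Doubling the backslash
            # makes the sequence a literal "\xXX" string inside valid JSON.
            gsub => ["message", "\\x", "\\\x"]
            remove_field => ["beat"]
        }
        json {
            # Fields are placed at the event root; a "@timestamp" key in the parsed
            # JSON becomes the event timestamp.
            source => "message"
            remove_field => ["message"]
        }
        # The size fields only exist after the json filter has run, so the integer
        # conversion has to follow it. The original placed these converts in the
        # first mutate, where the fields were not yet present and nothing happened.
        mutate {
            convert => {
                "send_client_size" => "integer"
                "send_client_body_size" => "integer"
                "request_length" => "integer"
            }
        }

        date {
            locale => "en"
            # NOTE(review): no "locals" field appears in the nginx log format on this
            # page, so this match presumably never fires -- confirm the field name.
            match => ["locals", "ISO8601"]
        }
        geoip {
            # client_ip is nginx's $remote_addr, i.e. the directly connected peer.
            source => "client_ip"
        }
      }
    }


    output {
      if [container][name] == "nginx" {
        elasticsearch {
          # Plain HTTP and no credentials: anyone who can reach es01:9200 can read
          # and write these indices. Enable Elasticsearch security and TLS outside a
          # throwaway lab. Use a dedicated account limited to writing nginx-*
          # rather than the "elastic" superuser, and never the default password.
          hosts => ["http://es01:9200"]
          index => "nginx-%{+YYYY.MM.dd}"
          #user => "elastic"
          #password => "${ES_PWD}"   # example variable name; resolve it from the Logstash keystore or environment
        }
      }
      # Prints every event from every container, not just nginx, to Logstash's own
      # stdout. Presumably a debugging aid: if Logstash runs in a container whose
      # logs Filebeat also collects, this output is shipped back in. Remove it or
      # put it behind a condition in production.
      stdout {}
    }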