小编Jes*_*son的帖子

NGINX 日志过滤器 $upstream_response_time JSON ELK "-" parsefailure

我的 NGINX 日志格式为 JSON：

log_format le_json '{ "@timestamp": "$time_iso8601", '
                   '"remote_addr": "$remote_addr", '
                   '"remote_user": "$remote_user", '
                   '"body_bytes_sent": "$body_bytes_sent", '
                   '"status": $status, '
                   '"request": "$request", '
                   '"request_method": "$request_method", '
                   '"response_time": $upstream_response_time, '
                   '"http_referrer": "$http_referer", '
                   '"http_user_agent": "$http_user_agent" }';

Run Code Online (Sandbox Code Playgroud)

我的日志被 filebeat 获取并发送到具有以下配置的 Logstash：

input {
  beats {
    port => 5044
    codec => "json"
  }
}
filter {
    geoip {
      database => "C:/GeoLiteCity.dat" 
      source => "[remote_addr]"
          }
}
output {
  elasticsearch {
    template => "C:/ELK/logstash-2.2.2/templates/elasticsearch-template.json"
    template_overwrite => true
    hosts => ["127.0.0.1"]
    index => …

Run Code Online (Sandbox Code Playgroud)

json nginx elastic-stack filebeat

Jes*_*son

lucky-day

4
推荐指数

1
解决办法

1981
查看次数