ELK: Nginx Log Collection

Customize the nginx log format as JSON

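# escape=json (nginx 1.11.8 or later) JSON-escapes quotes and backslashes in
# client-supplied values such as Referer and X-Forwarded-For.
# size and responsetime are always numeric, so they are left unquoted;
# upstreamtime is "-" when no upstream handled the request, so it is a string.
log_format access_json escape=json '{"@timestamp":"$time_iso8601",'
    '"host":"$server_addr",'
    '"clientip":"$remote_addr",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"upstreamtime":"$upstream_response_time",'
    '"upstreamhost":"$upstream_addr",'
    '"http_host":"$host",'
    '"url":"$uri",'
    '"domain":"$host",'
    '"xff":"$http_x_forwarded_for",'
    '"referer":"$http_referer",'
    '"status":"$status"}';

access_log /var/log/nginx/access.log access_json;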

Configure Logstash to collect the nginx access log

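input {
  file {
    path => "/var/log/nginx/access.log"
    # Read only lines appended after Logstash starts
    start_position => "end"
    type => "nginx-accesslog"
    # Each line is already a JSON object, so decode it at input time
    codec => json
  }
}

output {
  if [type] == "nginx-accesslog" {
    elasticsearch {
      hosts => ["192.168.15.11:9200"]
      # One index per day
      index => "logstash-nginx-accesslog-1516-%{+YYYY.MM.dd}"
    }
  }
}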