
@vishal2232
Forked from Shellbye/nginx_grok.conf
Created March 7, 2019 07:30

Revisions

  1. @Shellbye Shellbye revised this gist May 11, 2017. 1 changed file with 44 additions and 0 deletions.
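--- a/nginx_grok.conf
+++ b/nginx_grok.conf
@@ -0,0 +1,44 @@
+
+# https://logz.io/blog/nginx-access-log-monitoring-dashboard/
+input {
+file {
+type => nginx_web
+path => "/var/log/nginx/*"
+exclude => "*.gz"
+}
+}
+
+filter {
+grok {
+match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
+overwrite => [ "message" ]
+}
+
+mutate {
+convert => ["response", "integer"]
+convert => ["bytes", "integer"]
+convert => ["responsetime", "float"]
+}
+
+geoip {
+source => "clientip"
+target => "geoip"
+add_tag => [ "nginx-geoip" ]
+}
+
+date {
+match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
+remove_field => [ "timestamp" ]
+}
+
+useragent {
+source => "agent"
+}
+}
+
+output {
+elasticsearch {
+hosts => [ "localhost:9200" ]
+}
+}
+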
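Review bot: The `date` block's pattern `dd/MMM/YYYY:HH:mm:ss Z` uses `YYYY`, which the Joda-style parser behind the date filter treats as week-year rather than calendar year, so entries around a year boundary can be stamped with the wrong year; the conventional form for the combined log timestamp is `match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]`. Separately, `COMBINEDAPACHELOG` does not define a `responsetime` field, so `convert => ["responsetime", "float"]` in the `mutate` block presumably only does anything if a custom nginx `log_format` adds that field and a pattern captures it — here it would land unparsed inside `extra_fields` — so this line is worth confirming or removing. Also, `path => "/var/log/nginx/*"` matches error logs as well as access logs and there is no handling for `_grokparsefailure` here, so lines that do not fit the combined format will be indexed as-is under type `nginx_web`; a conditional on that tag that routes them to their own index keeps them visible without mixing them into access-log dashboards. The `elasticsearch` output has no credentials or TLS configured, which is fine for a local test but should be revisited before this is pointed at shared infrastructure.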
  2. @Shellbye Shellbye created this gist May 11, 2017.
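--- a/uwsgi_grok.conf
+++ b/uwsgi_grok.conf
@@ -0,0 +1,41 @@
+input {
+file {
+type => uwsgi
+path => ["/path/to/uwsgi.log"]
+}
+}
+
+filter {
+grok {
+match => { "message" => "\[pid: %{NUMBER:pid}\|app: %{NUMBER:id}\|req: %{NUMBER:currentReq}/%{NUMBER:totalReq}\] %{IP:remoteAddr} \(%{WORD:remoteUser}?\) \{%{NUMBER:CGIVar} vars in %{NUMBER:CGISize} bytes\} \[%{DATA:timestamp}\] %{WORD:method} %{URIPATHPARAM:uri} \=\> generated %{NUMBER:resSize} bytes in %{NUMBER:resTime} msecs \(HTTP/%{NUMBER:httpVer} %{NUMBER:status}\) %{NUMBER:headers} headers in %{NUMBER:headersSize} bytes %{GREEDYDATA:coreInfo}" }
+}
+
+mutate {
+convert => ["status", "integer"]
+convert => ["resSize", "integer"]
+convert => ["resTime", "float"]
+}
+
+geoip {
+source => "remoteAddr"
+target => "geoip"
+add_tag => [ "uwsgi-geoip" ]
+}
+
+date {
+match => [ "timestamp", "EEE MMM d HH:mm:ss y", "EEE MMM d HH:mm:ss y" ]
+remove_field => [ "timestamp" ]
+}
+
+if "_grokparsefailure" in [tags] {
+drop {}
+}
+
+}
+
+output {
+elasticsearch {
+hosts => [ "localhost:9200" ]
+index => "uwsgi-%{+YYYY.MM.dd}"
+}
+}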
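Review bot: The `date` block lists the same pattern twice, `"EEE MMM d HH:mm:ss y", "EEE MMM d HH:mm:ss y"`; the second entry is redundant and reads like a leftover from an intended variant, so either drop it — `match => [ "timestamp", "EEE MMM d HH:mm:ss y" ]` — or replace it with whichever alternative format the log actually produces. The `if "_grokparsefailure" in [tags] { drop {} }` conditional discards every event the grok pattern does not match, which presumably includes uwsgi's non-request lines (startup, worker and error messages) — exactly the lines an operator wants during an incident — so routing tagged events to a separate index, or at least counting them with a metric, keeps that signal instead of deleting it. Note also that `%{URIPATHPARAM:uri}` captures the query string, so any token or credential a client passes as a query parameter is indexed verbatim; whether that needs masking depends on the application, but it deserves a comment at the grok line. As in the nginx config, the `elasticsearch` output has no credentials or TLS configured here.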