Add Logstash config to filter example Nginx logs

Signed-off-by: Jing Li <thyrlian@gmail.com>
Jing Li 2020-07-24 02:32:09 +02:00
parent 20e68aa966
commit c02d92a01c
4 changed files with 8168 additions and 0 deletions


@ -52,3 +52,7 @@ Stop and remove the containers
``` ```
$ docker-compose down $ docker-compose down
``` ```
## Attribution
The [example Nginx logs](https://github.com/docker/awesome-compose/tree/master/elasticsearch-logstash-kibana/logstash/nginx.log) are copied from [here](https://github.com/elastic/examples/blob/master/Common%20Data%20Formats/nginx_json_logs/nginx_json_logs).


@ -23,6 +23,9 @@ services:
environment: environment:
discovery.seed_hosts: logstash discovery.seed_hosts: logstash
LS_JAVA_OPTS: "-Xms512m -Xmx512m" LS_JAVA_OPTS: "-Xms512m -Xmx512m"
volumes:
- ./logstash/pipeline/logstash-nginx.config:/usr/share/logstash/pipeline/logstash-nginx.config
- ./logstash/nginx.log:/home/nginx.log
ports: ports:
- "5000:5000/tcp" - "5000:5000/tcp"
- "5000:5000/udp" - "5000:5000/udp"
@ -32,6 +35,7 @@ services:
- elasticsearch - elasticsearch
networks: networks:
- elastic - elastic
command: logstash -f /usr/share/logstash/pipeline/logstash-nginx.config
kibana: kibana:
image: kibana:7.8.0 image: kibana:7.8.0
container_name: kib container_name: kib
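Review bot: Both new bind mounts under `volumes:` are read-write although Logstash only needs to read the pipeline file and the sample log; appending `:ro` keeps a process inside the container from modifying files in the checkout, i.e. `- ./logstash/pipeline/logstash-nginx.config:/usr/share/logstash/pipeline/logstash-nginx.config:ro` and `- ./logstash/nginx.log:/home/nginx.log:ro`. The added `command:` loads only this one pipeline file, and that file defines a `file` input alone, so the published `5000:5000` TCP/UDP ports in the context lines appear to have no listener behind them and could be dropped if nothing else relies on them. The logstash service definition begins above the first hunk, so any other settings it carries are not visible here.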

File diff suppressed because it is too large Load Diff


@ -0,0 +1,30 @@
input {
file {
path => "/home/nginx.log"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
json {
source => "message"
}
geoip {
source => "remote_ip"
}
useragent {
source => "agent"
target => "useragent"
}
}
output {
elasticsearch {
hosts => ["http://es:9200"]
index => "nginx"
}
stdout {
codec => rubydebug
}
}
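Review bot: The `json` filter has no `target`, so every key parsed from a log line is written to the event root, where it can overwrite fields Logstash set itself. Since request-derived values end up in access logs, I would namespace the parsed document with `target => "nginx"` and point the later filters at it with `source => "[nginx][remote_ip]"` and `source => "[nginx][agent]"`. Lines that fail to parse are only tagged `_jsonparsefailure` and still continue to the `nginx` index, so wrapping `geoip` and `useragent` in `if "_jsonparsefailure" not in [tags] { ... }` (or routing failures to a separate output) would keep malformed input apart from the enriched events. A one-line comment above `sincedb_path => "/dev/null"` would also help, for example `# demo only: no read position is kept, so the file is re-ingested on every start`, because with a fixed index and no document id this duplicates documents after each restart.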