Skip to content

Instantly share code, notes, and snippets.

@myfreax

myfreax/README.md

Forked from mariotacke/README.md
Created December 12, 2021 03:31
Show Gist options
  • Save myfreax/50babfa6634d58678f75dafd4183c0cc to your computer and use it in GitHub Desktop.
Save myfreax/50babfa6634d58678f75dafd4183c0cc to your computer and use it in GitHub Desktop.
Download ZIP
Default nginx log format (combined) and grok pattern
Raw
README.md
Raw
nginx-default-log-format
log_format combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
Raw
nginx.pattern
NGINX_ACCESS %{IPORHOST:remote_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:time_local}\] \"%{DATA:request}\" %{INT:status} %{NUMBER:bytes_sent} \"%{DATA:http_referer}\" \"%{DATA:http_user_agent}\"
Raw
shipper.conf
input {
file {
type => "nginx"
start_position => "beginning"
path => [ "/var/log/nginx/*.log" ]
}
}
filter {
if [type] == "nginx" {
grok {
patterns_dir => "/etc/logstash/patterns"
match => { "message" => "%{NGINX_ACCESS}" }
remove_tag => [ "_grokparsefailure" ]
add_tag => [ "nginx_access" ]
}
geoip {
source => "remote_addr"
}
}
}
output {
redis {
host => "<your redis host>"
data_type => "list"
key => "logstash"
codec => json
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment