nimboya · September 25, 2018 14:40
diff --git a/nginxlogstash.log b/nginxlogstash.log
 input {
     file{
        path=>["/media/access*"]
        start_position=>"beginning"
     }
 }
 filter {
     grok {
        match => { "message" => ["%{IPORHOST:[remote_ip]} - %{DATA:[user_name]} \[%{HTTPDATE:[time]}\] \"%{WORD:[method]} %{DATA:[url]} HTTP/%{NUMBER:[http_version]}\" %{NUMBER:[response_code]} %{NUMBER:[body_sent_bytes]} \"%{DATA:[referrer]}\" \"%{DATA:[agent]}\""] }
        remove_field => "message"
     }
     mutate {
        add_field => { "read_timestamp" => "%{@timestamp}" }
     }
     date {
        match => [ "[time]", "dd/MMM/YYYY:H:m:s Z" ]
        remove_field => "[time]"
     }
     useragent {
        source => "[agent]"
        target => "[user_agent]"
        remove_field => "[agent]"
     }
 }
 output {
     file {
      path => "/media/transformed/accessout.json"
     }
 }
	input {
	file{
	path=>["/media/access*"]
	start_position=>"beginning"
	}
	}
	filter {
	grok {
	match => { "message" => ["%{IPORHOST:[remote_ip]} - %{DATA:[user_name]} \[%{HTTPDATE:[time]}\] \"%{WORD:[method]} %{DATA:[url]} HTTP/%{NUMBER:[http_version]}\" %{NUMBER:[response_code]} %{NUMBER:[body_sent_bytes]} \"%{DATA:[referrer]}\" \"%{DATA:[agent]}\""] }
	remove_field => "message"
	}
	mutate {
	add_field => { "read_timestamp" => "%{@timestamp}" }
	}
	date {
	match => [ "[time]", "dd/MMM/YYYY:H:m:s Z" ]
	remove_field => "[time]"
	}
	useragent {
	source => "[agent]"
	target => "[user_agent]"
	remove_field => "[agent]"
	}
	}
	output {
	file {
	path => "/media/transformed/accessout.json"
	}
	}