silviud · September 18, 2017 17:51
diff --git a/logstash.index.json b/logstash.index.json
 // fluentd conf
 <source>
  @type tail
  path /var/log/nginx/access.log #...or where you placed your Apache access log
  pos_file /var/log/td-agent/nginx-access.log.pos # This is where you record file position
  tag nginx.access #fluentd tag!
  format /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" "(?<end>)[^\"]*")?$/
  time_format %d/%b/%Y:%H:%M:%S %z
 </source>

 # <source>
 #   @type tail
 #   path /var/log/nginx/error.log #...or where you placed your Apache access log
 #   pos_file /var/log/td-agent/nginx-error.log.pos # This is where you record file position
 #   tag nginx.error #fluentd tag!
 #   format nginx # Do you have a custom format? You can write your own regex.
 # </source>

 <match **>
  @type elasticsearch
  logstash_format true
  host localhost
  port 9200
  index_name logstash
  type_name nginx
 </match>



 // deprecated in ES5

 {
 "template_logstash":{
    "template" : "logstash*",
    "settings" : {
        "number_of_shards" : 5,
        "index.cache.field.type" : "soft",
        "index.refresh_interval" : "5s",
        "index.store.compress.stored" : true,
        "index.query.default_field" : "message",
        "index.routing.allocation.total_shards_per_node" : 5
    },
    "mappings" : {
        "_default_" : {
            "_all" : {"enabled" : false},
            "properties" : {
               "message": { "type": "string", "index": "analyzed" },
               "@source": { "type": "string", "index": "no" },
               "@source_host": { "type": "string", "index": "not_analyzed" },
               "@source_path": { "type": "string", "index": "not_analyzed" },
               "@tags": { "type": "string", "index": "not_analyzed" },
               "@timestamp": { "type": "date", "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZZ||yyyy-MM-dd'T'HH:mm:ssZZ", "index": "not_analyzed" },
               "@type": { "type": "string", "index": "not_analyzed" },
               "@fields": {
                 "type" : "object",
                 "path" : "full",
                 "properties" : {
                   "bytes": { "index_name": "bytes", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "clientip": { "index_name": "clientip", "type": "ip", "index": "not_analyzed" },
                   "host": { "index_name": "host", "type": "string", "index": "analyzed" },
                   "httpversion": { "index_name": "httpversion", "type": "float", "ignore_malformed": true, "index": "not_analyzed" },
                   "method": { "index_name": "method", "type": "string", "index": "not_analyzed" },
                   "path": { "index_name": "path", "type": "string", "index": "analyzed" },
                   "referrer": { "index_name": "referrer", "type": "string", "index": "not_analyzed" },
                   "response": { "index_name": "response", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "syslog_hostname": { "index_name": "syslog_hostname", "type": "string", "index": "not_analyzed" },
                   "syslog_pri": { "index_name": "syslog_pri", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "syslog_program": { "index_name": "syslog_program", "type": "string", "index": "not_analyzed" },
                   "syslog_timestamp": { "index_name": "syslog_timestamp", "type": "string", "index": "no" },
                   "time": { "index_name": "time", "type": "string", "index": "no" },
                   "upstr_ip": { "index_name": "upstr_ip", "type": "ip", "index": "not_analyzed" },
                   "upstr_port": { "index_name": "upstr_port", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "upstrcode": { "index_name": "upstrcode",  "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "upstrtime": { "index_name": "upstrtime", "type": "float", "ignore_malformed": true, "index": "not_analyzed" },
                   "useragent": { "index_name": "useragent", "type": "string", "index": "analyzed" }
                 }
               }
            }
        }
    }

 }
 }
	// fluentd conf
	<source>
	@type tail
	path /var/log/nginx/access.log #...or where you placed your Apache access log
	pos_file /var/log/td-agent/nginx-access.log.pos # This is where you record file position
	tag nginx.access #fluentd tag!
	format /^(?<remote>[^ ]) (?<host>[^ ]) (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^\"]) +\S)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])" "(?<end>)[^\"]*")?$/
	time_format %d/%b/%Y:%H:%M:%S %z
	</source>

	# <source>
	# @type tail
	# path /var/log/nginx/error.log #...or where you placed your Apache access log
	# pos_file /var/log/td-agent/nginx-error.log.pos # This is where you record file position
	# tag nginx.error #fluentd tag!
	# format nginx # Do you have a custom format? You can write your own regex.
	# </source>

	<match **>
	@type elasticsearch
	logstash_format true
	host localhost
	port 9200
	index_name logstash
	type_name nginx
	</match>



	// deprecated in ES5

	{
	"template_logstash":{
	"template" : "logstash*",
	"settings" : {
	"number_of_shards" : 5,
	"index.cache.field.type" : "soft",
	"index.refresh_interval" : "5s",
	"index.store.compress.stored" : true,
	"index.query.default_field" : "message",
	"index.routing.allocation.total_shards_per_node" : 5
	},
	"mappings" : {
	"_default_" : {
	"_all" : {"enabled" : false},
	"properties" : {
	"message": { "type": "string", "index": "analyzed" },
	"@source": { "type": "string", "index": "no" },
	"@source_host": { "type": "string", "index": "not_analyzed" },
	"@source_path": { "type": "string", "index": "not_analyzed" },
	"@tags": { "type": "string", "index": "not_analyzed" },
	"@timestamp": { "type": "date", "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZZ\|\|yyyy-MM-dd'T'HH:mm:ssZZ", "index": "not_analyzed" },
	"@type": { "type": "string", "index": "not_analyzed" },
	"@fields": {
	"type" : "object",
	"path" : "full",
	"properties" : {
	"bytes": { "index_name": "bytes", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
	"clientip": { "index_name": "clientip", "type": "ip", "index": "not_analyzed" },
	"host": { "index_name": "host", "type": "string", "index": "analyzed" },
	"httpversion": { "index_name": "httpversion", "type": "float", "ignore_malformed": true, "index": "not_analyzed" },
	"method": { "index_name": "method", "type": "string", "index": "not_analyzed" },
	"path": { "index_name": "path", "type": "string", "index": "analyzed" },
	"referrer": { "index_name": "referrer", "type": "string", "index": "not_analyzed" },
	"response": { "index_name": "response", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
	"syslog_hostname": { "index_name": "syslog_hostname", "type": "string", "index": "not_analyzed" },
	"syslog_pri": { "index_name": "syslog_pri", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
	"syslog_program": { "index_name": "syslog_program", "type": "string", "index": "not_analyzed" },
	"syslog_timestamp": { "index_name": "syslog_timestamp", "type": "string", "index": "no" },
	"time": { "index_name": "time", "type": "string", "index": "no" },
	"upstr_ip": { "index_name": "upstr_ip", "type": "ip", "index": "not_analyzed" },
	"upstr_port": { "index_name": "upstr_port", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
	"upstrcode": { "index_name": "upstrcode", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
	"upstrtime": { "index_name": "upstrtime", "type": "float", "ignore_malformed": true, "index": "not_analyzed" },
	"useragent": { "index_name": "useragent", "type": "string", "index": "analyzed" }
	}
	}
	}
	}
	}

	}
	}