Configure the nginx log output format

# escape=json (nginx 1.11.8+) makes nginx escape quotes, backslashes and control
# characters as valid JSON; the default escaping writes \xXX, which JSON parsers reject.
log_format access_json_log escape=json '{"@timestamp":"$time_local",'
    '"http_host":"$http_host",'
    '"clinetip":"$remote_addr",'
    '"request":"$request",'
    '"status":"$status",'
    '"size":"$body_bytes_sent",'
    '"upstream_addr":"$upstream_addr",'
    '"upstream_status":"$upstream_status",'
    '"upstream_response_time":"$upstream_response_time",'
    '"request_time":"$request_time",'
    '"http_referer":"$http_referer",'
    '"http_user_agent":"$http_user_agent",'
    '"http_x_forwarded_for":"$http_x_forwarded_for"}';

access_log /var/log/nginx/access.log access_json_log;
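
The following is an added example, not part of the original page: it models how nginx escapes a client-supplied header under the default `log_format` escaping and under `escape=json`, and checks whether the resulting line still parses as JSON. The template uses only two of the fields above, and the sample User-Agent value is constructed.

```python
import json

# Two fields of the page's log_format, as a template (constructed for this example).
TEMPLATE = '{{"status":"{status}","http_user_agent":"{ua}"}}'

# Short escapes nginx emits with escape=json; other control chars become \u00XX.
JSON_SHORT = {'"': '\\"', "\\": "\\\\", "\n": "\\n", "\r": "\\r",
              "\t": "\\t", "\b": "\\b", "\f": "\\f"}


def escape_default(value):
    # Default escaping: double quote, backslash and bytes <32 or >126 become \xXX.
    out = []
    for b in value.encode("utf-8"):
        if b in (0x22, 0x5C) or b < 32 or b > 126:
            out.append("\\x%02X" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def escape_json(value):
    # escape=json: characters not allowed inside a JSON string are escaped.
    out = []
    for ch in value:
        if ch in JSON_SHORT:
            out.append(JSON_SHORT[ch])
        elif ord(ch) < 32:
            out.append("\\u%04X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def render(user_agent, escape):
    # Build one access-log line the way the log_format would.
    return TEMPLATE.format(status="200", ua=escape(user_agent))


def parse_user_agent(line):
    # Return the logged User-Agent, or None when the line is not valid JSON.
    try:
        return json.loads(line)["http_user_agent"]
    except json.JSONDecodeError:
        return None


SAMPLE_UA = 'Mozilla/5.0 "quoted" \\ agent'  # constructed header value

if __name__ == "__main__":
    for name, esc in (("default", escape_default), ("json", escape_json)):
        line = render(SAMPLE_UA, esc)
        print(name, line, "->", parse_user_agent(line))
```

Lines that fail to parse are the ones a JSON-decoding pipeline drops or stores as raw text, so requests carrying quotes or backslashes in a header would be missing from structured searches.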

Configure filebeat

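# Parent key for the inputs list (Filebeat 5.x naming, matching input_type).
filebeat.prospectors:
- input_type: log
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/nginx/access.log
  # Custom field attached to every event read from this input.
  fields:
    source: nginx

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.203.133:9200"]
  # Route matching events to a daily nginx index.
  indices:
    - index: "nginx-%{+yyyy.MM.dd}"
      when.contains:
        source: "nginx"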

Start filebeat with the configuration file

./filebeat -e -c filebeat.yml

View the results

Configure the index in Kibana

The collected logs can now be viewed in Discover.