Skip to content

Instantly share code, notes, and snippets.

@Shellbye
Last active July 8, 2020 09:11
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save Shellbye/499c364a090e10c154977332a39614a0 to your computer and use it in GitHub Desktop.
uwsgi & nginx grok pattern
# https://logz.io/blog/nginx-access-log-monitoring-dashboard/
input {
file {
type => nginx_web
path => "/var/log/nginx/*"
exclude => "*.gz"
}
}
filter {
grok {
match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
overwrite => [ "message" ]
}
mutate {
convert => ["response", "integer"]
convert => ["bytes", "integer"]
convert => ["responsetime", "float"]
}
geoip {
source => "clientip"
target => "geoip"
add_tag => [ "nginx-geoip" ]
}
date {
match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
remove_field => [ "timestamp" ]
}
useragent {
source => "agent"
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
input {
file {
type => uwsgi
path => ["/path/to/uwsgi.log"]
}
}
filter {
grok {
match => { "message" => "\[pid: %{NUMBER:pid}\|app: %{NUMBER:id}\|req: %{NUMBER:currentReq}/%{NUMBER:totalReq}\] %{IP:remoteAddr} \(%{WORD:remoteUser}?\) \{%{NUMBER:CGIVar} vars in %{NUMBER:CGISize} bytes\} \[%{DATA:timestamp}\] %{WORD:method} %{URIPATHPARAM:uri} \=\> generated %{NUMBER:resSize} bytes in %{NUMBER:resTime} msecs \(HTTP/%{NUMBER:httpVer} %{NUMBER:status}\) %{NUMBER:headers} headers in %{NUMBER:headersSize} bytes %{GREEDYDATA:coreInfo}" }
}
mutate {
convert => ["status", "integer"]
convert => ["resSize", "integer"]
convert => ["resTime", "float"]
}
geoip {
source => "remoteAddr"
target => "geoip"
add_tag => [ "uwsgi-geoip" ]
}
date {
match => [ "timestamp", "EEE MMM d HH:mm:ss y", "EEE MMM d HH:mm:ss y" ]
remove_field => [ "timestamp" ]
}
if "_grokparsefailure" in [tags] {
drop {}
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "uwsgi-%{+YYYY.MM.dd}"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment