Skip to content

Instantly share code, notes, and snippets.

@keremcankabadayi

keremcankabadayi/examplelog.txt

Last active March 26, 2018 20:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save keremcankabadayi/2d5a4ca43318bfdf226c663d33a91d9a to your computer and use it in GitHub Desktop.
Save keremcankabadayi/2d5a4ca43318bfdf226c663d33a91d9a to your computer and use it in GitHub Desktop.
Download ZIP
nginx.conf & nginx.pattern
Raw
examplelog.txt
93.87.248.208 - - [17/Mar/2018:21:05:19 +0300] "GET /wp-admin HTTP/1.1" 200 5015 0.738 0.738 ."-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/5350 (KHTML, like Gecko) Chrome/13.0.829.0 Safari/5350" "-"
Raw
nginx.conf
input {
file {
path =>"/Users/kerem/Desktop/ElasticStackOrnekCalisanSistemler/NginxLive/logs.log"
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "%{NGINX}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
geoip {
source => "clientip"
target => "geoip"
}
useragent {
source => "agent"
target => "user_agent"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "nginxlive"
document_type => "logs"
}
}
Raw
nginx.pattern
NGINX %{IPORHOST:clientip} - - \[%{HTTPDATE:timestamp}] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|-)\" %{NUMBER:status_code} (?:%{NUMBER:bytes}|-) %{NUMBER:request_time} %{NUMBER:upstream_response_time} %{NOTSPACE:referer} %{QS:agent} %{QS:zipcode}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment