tureki/logstash.conf

## logstash.conf
input {
        file {
                type => "nginx_access"
                codec=>json
                path => ["/var/log/nginx/**"]
                exclude => ["*.gz", "error.*"]
                discover_interval => 10
                sincedb_path => "/opt/logstash/.sincedb"
        }
}

filter {
        grok {
                match => [ "message","%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{TIMESTAMP_ISO8601:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}"]
        }
}

output {
        elasticsearch {
                host => "HOSTNAME"
                index=>"ngx-access-%{+YYYY.MM.DD}"
                index_type => "nginx"
                cluster=>"ELASTICSEARCH CLUSTER NAME"
        }
}
	input {
	file {
	type => "nginx_access"
	codec=>json
	path => ["/var/log/nginx/**"]
	exclude => [".gz", "error."]
	discover_interval => 10
	sincedb_path => "/opt/logstash/.sincedb"
	}
	}

	filter {
	grok {
	match => [ "message","%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{TIMESTAMP_ISO8601:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?\|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}\|-) %{QS:referrer} %{QS:agent}"]
	}
	}

	output {
	elasticsearch {
	host => "HOSTNAME"
	index=>"ngx-access-%{+YYYY.MM.DD}"
	index_type => "nginx"
	cluster=>"ELASTICSEARCH CLUSTER NAME"
	}
	}