Using the date filter to modify the date and time
Log format: /var/log/nginx/access.log
10.0.0.1 - - [29/May/2023:17:08:22 +0800] "GET /1.html HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" "-"
10.0.0.1 - - [29/May/2023:20:46:48 +0800] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.57" "-"
10.0.0.1 - - [29/May/2023:20:46:59 +0800] "GET /2323 HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.57" "-"
input {
  file {
    start_position => "beginning"
    path => ["/var/log/nginx/access.log*"]
  }
}
filter {
  grok {
    match => {
      "message" => "%{COMMONAPACHELOG}"
    }
  }
  date {
    match => [
      # "28/May/2023:16:46:15 +0800"
      "timestamp", "dd/MMM/yyyy:HH:mm:ss Z"
    ]
    target => "baimei-timestamp"
  }
}
output {
  elasticsearch {
    hosts => ["10.0.0.111:19200","10.0.0.112:19200","10.0.0.113:19200"]
    index => "baimei-nginx-access-%{+yyyy.MM.dd}"
  }
  stdout {
    codec => rubydebug
  }
}
target defines a new field (here baimei-timestamp) to hold the parsed date.
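An added example (not from the original page): a Python emulation of what the grok and date steps above do to one access-log line, showing the UTC conversion, how target affects @timestamp and the index date, and the failure tags. The regex is a simplified stand-in for COMMONAPACHELOG, and process, index_name, iso_utc and the sample ingest time are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Simplified stand-in for the fields %{COMMONAPACHELOG} extracts (assumption).
LINE_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+) HTTP/(?P<httpversion>[\d.]+)" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"  # strptime form of "dd/MMM/yyyy:HH:mm:ss Z"

def iso_utc(dt):
    """Render an aware datetime the way Logstash stores timestamps: UTC, ms."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def process(line, ingest_time, target="baimei-timestamp"):
    """Emulate grok + date for one line; @timestamp starts as ingest time."""
    event = {"message": line, "@timestamp": iso_utc(ingest_time), "tags": []}
    m = LINE_RE.match(line)
    if not m:
        event["tags"].append("_grokparsefailure")
        return event
    event.update(m.groupdict())
    try:
        parsed = datetime.strptime(event["timestamp"], TS_FORMAT)
    except ValueError:
        event["tags"].append("_dateparsefailure")  # target is left unset
        return event
    event[target] = iso_utc(parsed)
    return event

def index_name(event):
    """%{+yyyy.MM.dd} in the index option is formatted from @timestamp."""
    return "baimei-nginx-access-" + event["@timestamp"][:10].replace("-", ".")

# First line is from the page (user agent trimmed); second is constructed.
GOOD = '10.0.0.1 - - [29/May/2023:17:08:22 +0800] "GET /1.html HTTP/1.1" 404 555 "-" "-" "-"'
BAD = '10.0.0.1 - - [29/Mai/2023:17:08:22 +0800] "GET /1.html HTTP/1.1" 404 555 "-" "-" "-"'
INGEST = datetime(2023, 5, 30, 1, 0, 0, tzinfo=timezone.utc)  # constructed

if __name__ == "__main__":
    for line in (GOOD, BAD):
        ev = process(line, INGEST)
        print(ev.get("baimei-timestamp"), ev["@timestamp"], ev["tags"], index_name(ev))
    print(index_name(process(GOOD, INGEST, target="@timestamp")))
```

With the config on this page, @timestamp and the index date reflect when Logstash read the line, so timeline queries should use baimei-timestamp, and events tagged _dateparsefailure carry no parsed time at all.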