Nginx module for filebeats doesn't parse access logs
I am using the nginx module of filebeats to send log data to elasticsearch. Here is my filebeats configuration:
output:
  logstash:
    enabled: true
    hosts:
      - logstash:5044
    timeout: 15
filebeat.modules:
- module: nginx
  access:
    enabled: true
    var.paths: ["/var/log/nginx/access.log"]
  error:
    enabled: true
    var.paths: ["/var/log/nginx/error.log"]
The problem is that the logs are not parsed. This is what I see in Kibana:
{
  "_index": "filebeat-2017.07.18",
  "_type": "log",
  "_id": "AV1VLXEbhj7uWd8Fgz6M",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2017-07-18T10:10:24.791Z",
    "offset": 65136,
    "@version": "1",
    "beat": {
      "hostname": "06d09033fb23",
      "name": "06d09033fb23",
      "version": "5.5.0"
    },
    "input_type": "log",
    "host": "06d09033fb23",
    "source": "/var/log/nginx/access.log",
    "message": "10.15.129.226 - - [18/Jul/2017:12:10:21 +0200] \"POST /orders-service/orders/v1/sessions/update/FUEL_DISPENSER?api_key=vgxt5u24uqyyyd9gmxzpu9n7 HTTP/1.1\" 200 5 \"-\" \"Mashery Proxy\"",
    "type": "log",
    "tags": [
      "beats_input_codec_plain_applied"
    ]
  },
  "fields": {
    "@timestamp": [
      1500372624791
    ]
  },
  "sort": [
    1500372624791
  ]
}
I am missing the parsed fields, as described in the documentation: https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-nginx.html
Why are the log lines not parsed?
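When you run filebeat -v -modules=nginx -setup, it basically creates 4 things:
- mapping template
- Kibana dashboards
- machine learning jobs
- filters in the ingest node
The following are the filters used for parsing: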
- nginx access log
- nginx error log
The filters are stored in the ingest node. You can access them at:
http://YourElasticHost:9200/_ingest/pipeline
So if you want your logs to be parsed, you need to send them through the ingest node.
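What "parsed" would look like for the sample event in the question, as an added example (not code from the original post or from Elastic): a Python approximation of the access-log split, using the nginx.access.* field names from the exported-fields documentation. The regex and the function names parse_access_line and is_parsed are assumptions made for this illustration.

```python
import re

# Constructed from the "message" field of the unparsed event in the question.
SAMPLE = ('10.15.129.226 - - [18/Jul/2017:12:10:21 +0200] '
          '"POST /orders-service/orders/v1/sessions/update/FUEL_DISPENSER'
          '?api_key=vgxt5u24uqyyyd9gmxzpu9n7 HTTP/1.1" 200 5 "-" "Mashery Proxy"')

# Approximation of the nginx "combined" access log layout (assumption: this
# regex is written for this example; it is not the module's own grok pattern).
ACCESS_RE = re.compile(
    r'^(?P<remote_ip>\S+) - (?P<user_name>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/(?P<http_version>[\d.]+)" '
    r'(?P<response_code>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_access_line(message):
    """Return nginx.access.* fields for one line, or None if it does not match."""
    m = ACCESS_RE.match(message)
    if m is None:
        return None  # e.g. a custom log_format: the event stays a raw message
    g = m.groupdict()
    # The captured time is left out here; only the request fields are shown.
    return {"nginx": {"access": {
        "remote_ip": g["remote_ip"],
        "user_name": g["user_name"],
        "method": g["method"],
        "url": g["url"],
        "http_version": g["http_version"],
        "response_code": int(g["response_code"]),
        "body_sent": {"bytes": int(g["bytes"])},
        "referrer": g["referrer"],
        "agent": g["agent"],
    }}}

def is_parsed(source):
    """True when an event's _source already carries the module's fields."""
    return isinstance(source.get("nginx"), dict) and "access" in source["nginx"]

if __name__ == "__main__":
    raw_event = {"message": SAMPLE, "source": "/var/log/nginx/access.log"}
    print("event already parsed:", is_parsed(raw_event))
    print(parse_access_line(SAMPLE))
```

Running is_parsed over the _source of events pulled from the filebeat-* index shows whether they went through the ingest pipeline or arrived as raw message strings.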