【Logstash 1.5.6】Apache Logs

一、

二、配置文件

[root@hftest0001 conf]# cat first-pipeline.conf
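# first-pipeline.conf: read a sample Apache access log, parse each line with
# grok, enrich the event with GeoIP data, and print the result to stdout.
input{
	file{
		path => "/opt/logstash-data/logstash-tutorial-dataset"
		# Read the file from its first line instead of tailing only new lines.
		# This applies only to files Logstash has not read before; after that the
		# saved sincedb position decides where reading resumes.
		start_position => beginning
	}
}

filter{
	grok{
		# grok splits the raw line held in "message" into named fields (clientip,
		# verb, request, response, bytes, referrer, agent, ...) using the
		# COMBINEDAPACHELOG pattern. Lines that do not match are tagged
		# _grokparsefailure and keep only the raw message.
		# request, referrer and agent are supplied by the client, so treat them as
		# untrusted wherever they are later displayed or matched on.
		# With this pattern all values are captured as strings, and referrer and
		# agent keep their surrounding double quotes.
		match => {
			"message" => "%{COMBINEDAPACHELOG}"
		}
	}

	geoip{
		# Look up the address that grok stored in "clientip" and attach the result
		# as a nested "geoip" field. This filter has to stay after grok, because
		# grok is what creates the field.
		source => "clientip"
	}
}

output{
	stdout{
		# Pretty-print every event so the parsed fields can be inspected while
		# testing the pipeline.
		codec => rubydebug
	}
}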

input:
83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"

output:
{
        "message" => "83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] \"GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1\" 200 203023 \"http://semicomplete.com/presentations/logstash-monitorama-2013/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"",
       "@version" => "1",
     "@timestamp" => "2016-04-06T07:50:23.972Z",
           "host" => "hftest0001.webex.com",
           "path" => "/opt/logstash-data/logstash-tutorial-dataset",
       "clientip" => "83.149.9.216",
          "ident" => "-",
           "auth" => "-",
      "timestamp" => "04/Jan/2015:05:13:42 +0000",
           "verb" => "GET",
        "request" => "/presentations/logstash-monitorama-2013/images/kibana-search.png",
    "httpversion" => "1.1",
       "response" => "200",
          "bytes" => "203023",
       "referrer" => "\"http://semicomplete.com/presentations/logstash-monitorama-2013/\"",
          "agent" => "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"",
          "geoip" => {
                      "ip" => "83.149.9.216",
           "country_code2" => "RU",
           "country_code3" => "RUS",
            "country_name" => "Russian Federation",
          "continent_code" => "EU",
             "region_name" => "48",
               "city_name" => "Moscow",
                "latitude" => 55.75219999999999,
               "longitude" => 37.6156,
                "timezone" => "Europe/Moscow",
        "real_region_name" => "Moscow City",
                "location" => [
            [0] 37.6156,
            [1] 55.75219999999999
        ]
    }
}

