Logstash
input {
file {
path => "/var/log/nginx/access.log"
type => "main"
codec => "json"
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "logstash-%{+YYYY.MM.dd}"
user => elastic
password => password
}
}
input {
beats {
port => 5044
codec => "json"
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "logstash-%{+YYYY.MM.dd}"
user => elastic
password => password
}
}
Filebeat
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/nginx/access.log
json.keys_under_root: true
json.add_error_key: true
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
host: "xxx.xxx.xxx.xxx:5601"
output.logstash:
enabled: true
hosts: ["xxx.xxx.xxx.xxx:5044"]
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~