Hi, i try to install filebeat on web server with config
filebeat:
prospectors:
-
paths:
- /var/log/nginx/access.log
input_type: nginx-access-2
logstash:
hosts: ["10.1.11.171:5044"]
index: filebeat-kibana-srv
And i try to using filter on Logstash with Patterns nginx
NGUSERNAME [a-zA-Z\.\@\-\+_%]+
NGUSER %{NGUSERNAME}
NGINXACCESS %{IPORHOST:clientip} %{NGUSER:ident} %{NGUSER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} (?:%{NUMBER:bytes}|-) (?:"(?:%{URI:referrer}|-)"|%{QS:referrer}) %{QS:agent} %{QS:xforwardedfor} %{IPORHOST:host} %{BASE10NUM:request_duration}
And add new file config filter-nginx-access-2.conf
filter {
if [type] == "nginx-access-2" {
grok {
match => { "message" => "%{NGINXACCESS}" }
}
}
}
and this is file config beat with logstash
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "10.1.11.173:9200"
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
When i try to view log on kibana :
http://www.upsieutoc.com/images/2015/12/19/log.png
In this image, filter not working ???
Can you help me explain that ?
Thanks