Issue with logstash configuration

jamesp220291 · November 1, 2018, 2:17pm

Hi All

New to the ELK Stack, I am wanting to use it to parse my nginx access logs.

Having two issue, removing client ip field breaks geoip
and overwriting the message..doesnt work.. it just gives the full message.

My config is below, can anyone see where im going wrong?

filter {
grok {
match => { "message" => "%{WORD:method} %{URIPATHPARAM:request}" }
overwrite => [ "message" ]
}
mutate {
convert => ["response", "integer"]
convert => ["bytes", "integer"]
convert => ["responsetime", "float"]
}
geoip {
source => "clientip"
target => "geoip"
add_tag => [ "nginx-geoip" ]
remove_field => [ "clientip" ]
}
date {
match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
remove_field => [ "timestamp" ]
}
useragent {
source => "agent"
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
index => "weblogs-%{+YYYY.MM.dd}"
document_type => "nginx_logs"
}
stdout { codec => rubydebug }

system · November 29, 2018, 2:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash parsing with combinedapachelog pattern for nginx Logstash	1	805	February 5, 2020
Can someone please help me with nginx logstash filter Logstash	11	3257	September 30, 2017
Logstash not parsing default nginx logs Logstash	2	821	October 11, 2019
Logstash parse log nginx not index refresh Logstash	1	415	September 17, 2019
Logstash grok nginx log Logstash	3	441	July 11, 2021

Issue with logstash configuration

Related topics