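I am looking to parse the nginx error log file and put the parsed output into Elasticsearch. I was able to do the same for access.log because it accepts the log_format directive, but error.log does not. I have the following sample error log entry, which is the one I am mainly interested in: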
2018/01/10 06:26:31 [error] 13485#13485: *64285471 limiting connections by zone "rl_conn", client: xx.xx.xx.xx, server: www.xyz.com, request: "GET /api/xyz HTTP/1.1", host: "www.xyz.com"
I want to run it through some parser so that I get JSON like:
{client: "xx.xx.xx.xx", server: "www.xyz.com", host: "www.xyz.com", "request": "GET /api/xyz HTTP/1.1", reason: "limiting connections by zone "rl_conn""}
Can anyone help?
Answer 0: (score: 1)
@serut has a nice solution at the bottom of this GitHub issue: https://github.com/fluent/fluentd/issues/2991
# Use NGINX parse for front logs
<label @PARSENGINX>
  <filter front>
    @type parser
    key_name message
    <parse>
      @type nginx
    </parse>
  </filter>
  <filter front>
    # Handle errors
    @type parser
    key_name message
    <parse>
      @type regexp
      expression /^(?<logtime>\d{4}\/\d{1,2}\/\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}) (?<log_level>\[[^\s]+\]) (?<message>.*)$/
      time_key logtime
      time_format %Y/%m/%d %H:%M:%S
    </parse>
  </filter>
  <match **>
    @type copy
    <store>
      @type relabel
      @label @OUTPUT
    </store>
  </match>
</label>
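
An added example, not part of the answer or the linked issue: a Ruby parser that goes beyond the answer's regexp by also splitting the message into the reason and the client/server/request/host fields the question asks for, ready to serialize as JSON for Elasticsearch. The extended prefix pattern, the field list, the function name parse_nginx_error and the second and third sample lines are assumptions constructed for illustration.

```ruby
require 'json'
require 'time'

# Prefix regexp from the answer, extended (assumption) to capture pid/tid and the
# optional "*N" connection id; the log level is captured without its brackets.
PREFIX = %r{^(?<logtime>\d{4}/\d{1,2}/\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}) \[(?<log_level>[^\]\s]+)\] (?<pid>\d+)#(?<tid>\d+): (?:\*(?<cid>\d+) )?(?<message>.*)$}

# Context fields nginx appends after the reason. A value is either a quoted
# string (which may itself contain commas) or runs up to the next comma.
FIELD = /, (client|server|request|upstream|host|referrer): ("(?:[^"\\]|\\.)*"|[^,]*)/

# Returns a Hash for one error.log line, or nil if the line does not match.
def parse_nginx_error(line)
  m = PREFIX.match(line.chomp)
  return nil unless m
  msg = m[:message]
  first = msg.index(FIELD) # the reason is everything before the first known field
  rec = {
    'time' => Time.strptime(m[:logtime], '%Y/%m/%d %H:%M:%S').strftime('%Y-%m-%dT%H:%M:%S'),
    'log_level' => m[:log_level],
    'pid' => m[:pid].to_i,
    'reason' => first ? msg[0...first] : msg
  }
  rec['connection'] = m[:cid].to_i if m[:cid]
  # request, host and referrer are client-supplied: store them as data only.
  msg.scan(FIELD) { |k, v| rec[k] = v.sub(/\A"(.*)"\z/m, '\1') }
  rec
rescue ArgumentError # impossible date such as 2018/13/45
  nil
end

# First line is the question's sample; the other two are constructed.
SAMPLES = <<~'LOG'.lines
  2018/01/10 06:26:31 [error] 13485#13485: *64285471 limiting connections by zone "rl_conn", client: xx.xx.xx.xx, server: www.xyz.com, request: "GET /api/xyz HTTP/1.1", host: "www.xyz.com"
  2018/01/10 06:26:32 [error] 13485#13485: *64285472 limiting requests, excess: 5.120 by zone "rl_req", client: 192.0.2.10, server: www.example.com, request: "GET /login?a=1,b=2 HTTP/1.1", host: "www.example.com"
  2018/01/10 06:26:33 [notice] 13485#13485: signal process started
LOG

SAMPLES.each { |l| puts JSON.generate(parse_nginx_error(l)) } if __FILE__ == $0
```

Keeping the reason separate from the client field lets Elasticsearch aggregate rate-limit hits per client and per zone without re-parsing the message text.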