Default ELK timeline
1. By default @timestamp is the time the log event was sent to (ingested by) the stack
2. Nginx, however, records the user's actual access time in every log line
3. When analysing Nginx logs the user's access time should be the time axis, not the send time
Logstash parses all Nginx logs
[root@server12 ~]# vim /usr/local/logstash-6.6.0/config/logstash.conf
input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    # read from the first line and never remember the position: the whole
    # file is re-read on every restart, so already-indexed events come back
    # as duplicates unless the old indices are deleted first (see below)
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
Send SIGHUP so Logstash reloads its pipeline configuration (the [l]ogstash pattern keeps grep from matching its own process):
[root@server12 ~]# kill -1 $(ps aux | grep '[l]ogstash' | awk '{print $2}')
In Kibana Dev Tools, list the indices and delete the ones already written, otherwise the re-read of access.log indexes every event a second time:
GET /_cat/indices?v
DELETE /logstash-2022.03.12
DELETE /logstash-2022.03.13
Add the following to the Logstash filter section; the field to be parsed looks like 13/Mar/2022:11:42:21 +0800
[root@server12 ~]# vim /usr/local/logstash-6.6.0/config/logstash.conf
filter {
  grok {
    # The named-capture pattern on the original page was cut off by extraction;
    # this is a reconstruction for the Nginx combined log format. Only
    # requesttime is used below, the other field names are this rewrite's choice.
    match => {
      "message" => '(?<clientip>\S+) - (?<remote_user>\S+) \[(?<requesttime>[^\]]+)\] "(?<request>[^"]*)" (?<status>\d+) (?<bytes>\d+) "(?<referrer>[^"]*)" "(?<agent>[^"]*)"'
    }
    remove_field => ["message", "@version", "path"]
  }
  date {
    # Joda pattern for 13/Mar/2022:11:42:21 +0800. Z consumes the +0800 offset,
    # so @timestamp is stored correctly in UTC without a timezone option.
    # If requesttime does not match, @timestamp keeps the ingest time and the
    # event is tagged _dateparsefailure.
    match => ["requesttime", "dd/MMM/yyyy:HH:mm:ss Z"]
    target => "@timestamp"
  }
}
[root@server12 ~]# kill -1 $(ps aux | grep '[l]ogstash' | awk '{print $2}')
[root@server12 ~]# awk '{print $4}' /usr/local/nginx/logs/access.log
[13/Mar/2022:11:57:12
[13/Mar/2022:11:57:12
[13/Mar/2022:11:57:37
[13/Mar/2022:11:57:37
[13/Mar/2022:11:57:37
[13/Mar/2022:11:57:37
Count the Nginx requests per minute and compare with what Kibana displays
(bytes 1-18 of the fourth field are [13/Mar/2022:11:57, i.e. the timestamp truncated to the minute)
awk '{print $4}' /usr/local/nginx/logs/access.log | cut -b 1-18 | sort | uniq -c
Different time formats: the pattern given to the date filter must correspond exactly to the format of the field it overrides @timestamp from
4. 13/Mar/2022:11:42:21 +0800 -> dd/MMM/yyyy:HH:mm:ss Z (the Nginx access log format used above)
5. 2022-03-13 18:05:39,830 -> yyyy-MM-dd HH:mm:ss,SSS
To see what a mismatch does, append a line whose month field (xxx) cannot be parsed by MMM: grok still extracts requesttime, but the date filter fails, so the event keeps the ingest time as @timestamp and is tagged _dateparsefailure
[root@server12 ~]# echo '192.168.10.1 - - [13/xxx/2022:12:12:54 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"' >> /usr/local/nginx/logs/access.log
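To see the two behaviours side by side without a running ELK stack, here is an added Python example (not code from the original page) that emulates what the grok and date filters above do to sample Nginx lines: it extracts requesttime with a regex equivalent to the grok pattern, parses it with the strptime equivalent of dd/MMM/yyyy:HH:mm:ss Z, normalises the value to UTC the way Logstash stores @timestamp, and on a mismatch keeps the ingest time and tags the event _dateparsefailure. It also buckets the events per minute like the awk/cut/sort/uniq pipeline above. The log lines and the ingest time are constructed for the example; the regex field names other than requesttime are this example's own choice.

```python
"""Emulate the grok + date filter chain from this page on sample Nginx lines."""
import re
from collections import Counter
from datetime import datetime, timezone

# Regex equivalent of the grok named captures for the Nginx combined format.
# Field names other than requesttime are this example's own (assumed) names.
NGINX_COMBINED = re.compile(
    r'(?P<clientip>\S+) - (?P<remote_user>\S+) \[(?P<requesttime>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d+) (?P<bytes>\d+) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# strptime equivalent of the Joda pattern "dd/MMM/yyyy:HH:mm:ss Z";
# %b needs English month abbreviations, just like MMM in Logstash's default locale
REQUESTTIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_event(line, ingest_time):
    """Return a dict shaped like a Logstash event: fields, @timestamp and tags."""
    event = {"message": line, "@timestamp": ingest_time, "tags": []}
    match = NGINX_COMBINED.match(line)
    if not match:
        # grok could not parse the line at all
        event["tags"].append("_grokparsefailure")
        return event
    event.update(match.groupdict())
    try:
        # the +0800 offset in the log is honoured, then the value is
        # normalised to UTC, which is how Logstash stores @timestamp
        parsed = datetime.strptime(event["requesttime"], REQUESTTIME_FORMAT)
        event["@timestamp"] = parsed.astimezone(timezone.utc)
    except ValueError:
        # date filter default behaviour: keep the ingest-time @timestamp
        # and tag the event so the failure is visible in Kibana
        event["tags"].append("_dateparsefailure")
    return event


def requests_per_minute(events):
    """Count events per UTC minute, the equivalent of awk | cut -b 1-18 | sort | uniq -c."""
    return Counter(e["@timestamp"].strftime("%Y-%m-%d %H:%M") for e in events)


# Constructed sample access log; the last line has the unparsable month "xxx".
SAMPLE_LOG = """\
192.168.10.1 - - [13/Mar/2022:11:57:12 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
192.168.10.1 - - [13/Mar/2022:11:57:12 +0800] "GET /favicon.ico HTTP/1.1" 404 555 "-" "curl/7.61.1"
192.168.10.1 - - [13/Mar/2022:11:57:37 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0"
192.168.10.1 - - [13/Mar/2022:11:58:02 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0"
192.168.10.1 - - [13/xxx/2022:12:12:54 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0"
"""

# Constructed ingest time (what @timestamp would be without the date filter).
INGEST_TIME = datetime(2022, 3, 13, 10, 5, 39, tzinfo=timezone.utc)


def run(log_text=SAMPLE_LOG, ingest_time=INGEST_TIME):
    """Parse every line and return (events, per-minute counts)."""
    events = [parse_event(line, ingest_time) for line in log_text.splitlines() if line]
    return events, requests_per_minute(events)


if __name__ == "__main__":
    events, per_minute = run()
    for e in events:
        print(e["@timestamp"].isoformat(), e["tags"])
    for minute, count in sorted(per_minute.items()):
        print(f"{count:>7} {minute}")
```

The bucket keys here are in UTC, so the 11:57 +0800 requests land in the 03:57 bucket, whereas the awk pipeline on the page counts the raw +0800 strings and shows 11:57. Kibana renders @timestamp in the browser's time zone, so a browser running in UTC+8 displays the same events at 11:57 again; only the tagged line with the bad month shows up at the ingest time instead of at 12:12.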