Logstash 아파치 액세스 로그 필터
# Beats listener: receives the Apache access-log lines shipped by a Beats agent.
# NOTE(review): no TLS or bind-address option is set, so events arrive in
# plaintext with no client authentication, and the beats input listens on all
# interfaces by default. Restrict port 5044 at the network layer or enable TLS
# with client certificates so that only the intended shippers can submit events.
input {
  beats {
    port => 5044
  }
}
# Turns one Apache combined-format access line into structured fields.
# The request line, referrer, user agent and cookie are all chosen by the HTTP
# client, so every field derived from them is untrusted data once indexed.
# The filters run in the order written; the date, ruby and mutate steps depend
# on fields produced by the grok steps above them.
filter {
  # Combined log format followed by one extra numeric column, stored as "time".
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG} %{NUMBER:time}" }
  }

  # Path part of the request, stored as "uripath".
  grok {
    match => { "request" => "%{URIPATH:uripath}" }
  }

  # Host and path of the referrer. A referrer that is not a URL does not match,
  # and grok then tags the event with its default failure tag.
  grok {
    match => { "referrer" => "%{URIPROTO}://%{IPORHOST:referrer_host}(?::%{POSINT})?%{URIPATH:referrer_uripath}" }
  }

  # Use the request time from the log line as the event timestamp.
  date {
    match  => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    target => "@timestamp"
  }

  # Query-string parameters: split on "&" and "?", keep only the "name" key.
  # The include_keys allow-list matters: without it, client-chosen parameter
  # names would each become a new field in the index.
  kv {
    source       => "request"
    field_split  => "&?"
    include_keys => [ "name" ]
  }

  # Cookie pairs: keep only the "id" key.
  # NOTE(review): none of the grok patterns above produce a "cookie" field;
  # presumably it comes from a custom log format or the shipper - confirm.
  # NOTE(review): if "id" is a session identifier, indexing it verbatim stores
  # a credential-equivalent value in Elasticsearch; consider hashing it (for
  # example with the fingerprint filter) before it is stored.
  kv {
    source       => "cookie"
    field_split  => "; "
    include_keys => [ "id" ]
  }

  # Break the User-Agent string into fields prefixed with "a_".
  useragent {
    source => "agent"
    prefix => "a_"
  }

  # Day stamp (YYYYMMDD) of the event in the Logstash host's local time zone.
  # NOTE(review): event['field'] is the legacy Event API; Logstash 5.0 and later
  # expect event.get / event.set instead - confirm the target version.
  ruby {
    code => "event['index_day'] = event['@timestamp'].time.localtime.strftime('%Y%m%d')"
  }

  # Store the numeric columns as integers so they can be aggregated.
  mutate {
    convert => {
      "time"  => "integer"
      "bytes" => "integer"
    }
  }
}
# Writes the parsed events to the Elasticsearch node on this host.
# NOTE(review): no credentials or TLS options are set, so this relies on
# Elasticsearch being reachable only over loopback. If the node is ever moved
# off-host or bound to a routable address, add authentication and TLS here and
# on the cluster, since the index holds client IPs and cookie values.
output {
  elasticsearch {
    hosts           => [ "localhost:9200" ]
    # Logstash does not install an index template; the mapping for the index
    # must already exist or is left to Elasticsearch's dynamic mapping.
    manage_template => false
    # Fixed index name; the "index_day" field set in the filter is not used here.
    index           => "acc_test2"
    document_type   => "%{[@metadata][type]}"
  }
}
결과
접속 카운트와 IP 정보로 가져온 위치 정보