Answer the question
In order to leave comments, you need to log in
F
F
FulTupFul2019-03-05 19:35:59
FulTupFul, 2019-03-05 19:35:59
How to upload json log to elasticsearch?
There is an ELK stack with kibana on the front. I want to upload json logs of my uwsgi there.
Uwsgi outputs the following log:
{"timestamp": "2019-03-05T15:00:32", "event": "uwsgi_request", "method": "GET", "uri": "/doc/%D0%A0%D0%B5%D0%BA%D0%B2%D0%B8%D0%B7%D0%B8%D1%82%D1%8B%20%D0%9E%D0%9E%D0%9E.xls", "proto": "HTTP/1.1", "status": 500, "referer": "-", "user_agent": "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)", "remote_addr": "141.8.142.12", "http_host": "myhost.com", "pid": 85188, "worker_id": 4, "core": 0, "async_switches": 1, "io_errors": 0, "rq_size": 0, "rs_time_ms": 41, "rs_size": 1092, "rs_header_size": 142, "rs_header_count": 4}I tried to parse using standard logstash tools, but nothing comes out of the output
filter {
if [type] == "nginx_access" {
grok {
match => { "message" => "%{IPORHOST:remote_ip} - %{DATA:user} \[%{HTTPDATE:access_time}\] \"%{WORD:http_method} %{DATA:url} HTTP/%{NUMBER:http_version$
}
}
date {
match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
}
geoip {
source => "remote_ip"
target => "geoip"
add_tag => [ "nginx-geoip" ]
}
else if [type] == "django" {
json {
source => "message"
}
}
} 2 answer(s)
@leahch
A
Alexey Cheremisin, 2019-03-05 @leahch
Most likely you need this planin to connect https://www.elastic.co/guide/en/logstash/current/p...
Similar questions
M
S
O
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question