Apache Access log Logstash configuration file instance 1

Tag:windows    configuration file    cookie   chrome   

Log format:logformat  "%{clientip}i %l %u %t \"%r\ " %>s %b \"%{Referer}i\ "  \ "%{user-agent}i\"  \ "%{clientip}i.%{cookie}n\" " combined Log instance:183.60.150.34 - -  [23/jun/2017:17:57:52 +0800]  "get /jump/cps.jsp?projectcode=0085001&cid=a200647189%7c% 7c0000&url=http%3a%2f%2fwww.mangocity.com http/1.1 " 302 - " http://myhenan.qq.com/ T-7947749-1.htm " " mozilla/5.0  (windows nt 5.1)  AppleWebKit/537.36  (khtml,  Like gecko)  chrome/47.0.2526.108 safari/537.36 2345explorer/8.6.1.15524 " " 183.60.150.34.10.10.130.100.1498211872045986 "Logstash configuration file:input {           file {                   type =>  "Www_access"                    path => ["/usr/local/elk/elklog/apachelog/log0/ Www.mangocity.com-access_log ","/usr/local/elk/elklog/apachelog/log1/www.mangocity.com-access_log "]           }file {                 type =>  "Ro_access"                  path => ["/usr/local/elk/elklog /apachelog/log0/ro.mangocity.com-access_log ","/usr/local/elk/elklog/apachelog/log1/ro.mangocity.com-access_log "]        }}filter {  grok {     match => {       "Message"  =>  "(%{user:clientip}| %{iporhost:clientip}|%{iporhost:clientip}, %{iporhost})  %{user:ident} %{user:auth} \[%{ httpdate:timestamp}\]  "%{word:verb}&Nbsp;%{data:request} http/%{number:httpversion} " %{NUMBER:response:int}  (?:-| %{number:bytes:int})  %{qs:referrer} %{qs:agent} '     }  }   date {    match => [  "timestamp",  "dd/mmm/yyyy:hh:mm:ss z " ]    locale => en  }  geoip {     source =>  "ClientIP"   }  useragent {     source =>  "Agent"     target =>  "useragent"   }}output  {        redis {                   host =>  "10.10.45.200"                    data_ type =>  "List"   &nbsP;               key =>   "Elk_frontend_access:redis"                    port=> "5379"            }  }

Apache Access log logstash configuration file Instance 1