To facilitate quantitative analysis of nginx access logs, filter matches using logstash 1. Determine nginx log format log_format access ' $remote _addr - $remote _user [$time _local] ' ' $http _host $request _method $uri ' ' $status $body _bytes_sent ' ' $upstream _status $upstream _addr $request _time ' ' $upstream _response_time $http _user_agent '; 2. Use logstash grok to match the log filter { if [type] == ' mobile-access ' { #message The matching pattern is easy to read split into multiple lines of writing, in the configuration file is actuallyA line of grok { match =>[ "message", '%{ipv4:remote_addr} - (%{ username:user}|-) \[%{httpdate:nginx_timestamp}\]%{ hostname:http_host} %{word:request_method} %{ Uripath:uri}%{base10num:http_status} %{base10num: Body_bytes_sent:int} (%{base10num:upstream_status}|-) (?:%{hostport:upstream_addr}|-) (%{base16float:request_time}|-) (%{base16float:upstream_response_time}|-) ( Logstash grok analysis Nginx access log