# CONFIGURED BY ANSIBLE # parse nginx json access logs right away # https://nginx.org/en/docs/http/ngx_http_log_module.html // log_format escape=json [INPUT] name tail path /var/log/nginx/*access*log path_key filename parser json_no_time tag nginx.access alias nginx_access skip_empty_lines on refresh_interval 1 # nginx error logs [INPUT] name tail path /var/log/nginx/*error.log path_key filename parser nginx_error_logs tag nginx.error alias nginx_error skip_empty_lines on refresh_interval 1 [FILTER] name modify match nginx.access # @timestamp is enough for logs remove time_local remove time_iso8601 # no ssl fields when plain-text [FILTER] name modify match nginx.access remove_regex ^ssl_.* condition key_value_equals scheme http # provides page [FILTER] name parser match nginx.access key_name request_uri parser strip_querystr reserve_data true preserve_key true [FILTER] name modify match nginx.* add sensor nginx@{{inventory_hostname_short}} #[OUTPUT] # name file # match nginx # path /var/log # file fluent-bit.log # nginx access logs [OUTPUT] name es match nginx.access host {{log_host}} port {{log_port}} path /_bulk compress gzip http_user {{log_http_user}} http_passwd {{log_http_passwd}} index nginx-{{site}}-access #replace_dots on #trace_output on trace_error on tls off # nginx error logs [OUTPUT] name es match nginx.error host {{log_host}} port {{log_port}} path /_bulk compress gzip http_user {{log_http_user}} http_passwd {{log_http_passwd}} index nginx-{{site}}-error #replace_dots on #trace_output on trace_error on tls off