openstack-ansible-ops/elk_metrics_6x/templates/19-nginx.conf

filter {
  if "nginx" in [tags] {
    if "nginx-access" in [tags] {
      grok {
        patterns_dir => ['/opt/logstash/patterns']
        match => {
          "message" => "%{IP:client_ip} - %{USER:client_user} \[%{NGINX_TIMESTAMP:timestamp}\]  \"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:http_version}\" %{INT:response_code} %{INT:bytes} %{QUOTEDSTRING:referer} %{QUOTEDSTRING:user_agent} %{QUOTEDSTRING:gzip_ratio}"
        }
      }
      geoip {
        source => "clientip"
      }
    }
    if "nginx-error" in [tags] {
      grok {
        patterns_dir => ['/opt/logstash/patterns']
        match => {
          "message" => "%{NGINX_ERROR_TIMESTAMP:timestamp} \[%{LOGLEVEL:loglevel}\] %{GREEDYDATA:error_msg}"
        }
      }
    }
  }
}