logstash 处理nginx 访问日志

[root@dr-mysql01 frontend]# cat logstash_frontend.conf
input {
file {
type => "zj_frontend_access"
path => ["/data01/applog_backup/zjzc_log/zj-frontend0*access*"]
}

file {
type => "wj_frontend_access"
path => ["/data01/applog_backup/winfae_log/wj-frontend0*access*"]
}

}
filter {
grok {
match => {
"message" => "%{IPORHOST:clientip} \[%{HTTPDATE:time}\] \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:http_status_code} %{NUMBER:bytes} \"(?<http_referer>\S+)\" \"(?<http_user_agent>\S+)\" \"(?<http_x_forwarded_for>\S+)\""
}
}
}

output {
if [type] == "zj_frontend_access" {
redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_frontend_access:redis"
port=>"6379"
password => "1234567"
}
}
else if [type] == "wj_frontend_access"{
redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_frontend_access:redis"
port=>"6379"
password => "1234567"
}
}
}

[root@dr-mysql01 frontend]# cat logstash_indexer.conf
input {

redis {
host => "192.168.32.67"
data_type => "list"
key => "zj_frontend_access:redis"
password => "1234567"
port =>"6379"
}

redis {
host => "192.168.32.67"
data_type => "list"
key => "wj_frontend_access:redis"
password => "1234567"
port =>"6379"
}

}
output {
if   [type] == "zj_frontend_access"{
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-zjzc-frontend-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
else if  [type] == "wj_frontend_access"{
elasticsearch {
hosts => "192.168.32.81:9200"
index => "logstash-wj-frontend-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}

}

}