YUM

Download and install the public signing key:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Add the following to a file with a .repo suffix in your /etc/yum.repos.d/ directory, for example logstash.repo:

vi /etc/yum.repos.d/logstash.repo

[logstash-6.x]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

The repository is now ready for use. Install Logstash with:

sudo yum install logstash
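
A check that a repo definition like the one above keeps package signature verification switched on, as an added example that is not part of the original page. The function names audit_repo and write_samples, the file weak.repo and its mirror.example.invalid URL are constructed for illustration.

```shell
# Added example: audit a yum .repo file for weak package-verification settings.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { print section ": " msg; bad++ }
    function check() {
        # Disabled repositories are never consulted, so skip them.
        if (section == "" || v["enabled"] == "0") return
        # A missing gpgcheck falls back to yum.conf, so require it explicitly.
        if (v["gpgcheck"] != "1") report("gpgcheck is not set to 1")
        if ((v["baseurl"] " " v["gpgkey"]) ~ /(^| )(http|ftp):\/\//)
            report("cleartext URL in baseurl or gpgkey")
    }
    /^[ \t]*([#;]|$)/ { next }                        # comments, blank lines
    /^\[/ { check(); section = substr($0, 2, index($0, "]") - 2)
            split("", v); last = ""; next }           # start of a new [section]
    /^[ \t]/ && last != "" { v[last] = v[last] " " trim($0); next }  # continuation
    (eq = index($0, "=")) > 0 {
        last = trim(substr($0, 1, eq - 1))
        v[last] = trim(substr($0, eq + 1))
    }
    END { check(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample input: the repo from this page (abridged) and a weakened one.
write_samples() {
    cat > "$1/logstash.repo" <<'EOF'
[logstash-6.x]
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
    cat > "$1/weak.repo" <<'EOF'
[example-weak]
baseurl=http://mirror.example.invalid/yum
gpgcheck=0
enabled=1
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir"/*.repo; do
    if audit_repo "$f"; then echo "$(basename "$f"): ok"; fi
done
rm -rf "$dir"
```

On a real host, run audit_repo against each file in /etc/yum.repos.d/ before installing from a newly added repository.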


vi /etc/logstash/conf.d/nginx_access.conf

input {
    file {
        # Use a pattern that matches your own log file naming to pick up the access logs for all domains
        path => [ "/data/docker/nginx/logs/nginx_*.log" ]
        ignore_older => 0
        codec => json
    }
}
filter {
    mutate {
      convert => [ "status","integer" ]
      convert => [ "size","integer" ]
      convert => [ "upstreatime","float" ]
      remove_field => "message"
    }
    geoip {
        source => "ip"
    }
}
output {
    elasticsearch {
        hosts => "209.cndo.org:9201"
        index => "logstash-nginx-access-%{+YYYY.MM.dd}"
    }
#    stdout {codec => rubydebug}
}

cd /usr/share/logstash

bin/logstash-plugin install logstash-filter-dissect

bin/logstash-plugin install logstash-output-influxdb


bin/logstash -f /etc/logstash/conf.d/nginx_access.conf
