input {
  # Tail the local Nginx access log.
  file {
    path => "/var/log/nginx/access.log"   # input file path
    start_position => "beginning"         # read from the start of the file
    sincedb_path => "/dev/null"           # disable sincedb bookkeeping (test use only): without a sincedb the
                                          # whole file is re-read on every Logstash restart, so the same lines
                                          # are re-emitted and duplicated downstream
  }
  # Beats listener (e.g. Filebeat). Bound to one interface rather than 0.0.0.0.
  beats {
    host => "192.168.7.16"   # <- listen on this IP only
    port => 9600             # NOTE(review): no ssl options are set, so the Beats connection is plaintext and any
                             # client that can reach 192.168.7.16:9600 can submit events into this pipeline.
                             # 9600 is also the default port of Logstash's own API (loopback-bound by default) —
                             # confirm the two bindings do not collide on this host.
  }
  # Raw TCP listener. No codec is given, so the plugin default applies (presumably one event per line — verify).
  tcp {
    port => 9011
    host => "192.168.7.16"   # NOTE(review): no TLS (ssl_*) and no authentication: every line from any reachable
                             # client enters the pipeline and is parsed as an Nginx log line by the grok filter,
                             # so treat this input as untrusted or restrict who can reach the port.
  }
}
filter {
  # Parse the Nginx log format. This runs on events from all three inputs (file, beats, tcp), not only the
  # file input. An event whose "message" does not match keeps its raw message and is tagged
  # "_grokparsefailure" (plugin default) — worth filtering or alerting on, since unmatched lines from the
  # tcp/beats listeners are a sign of unexpected or malformed input.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }   # parse the Nginx log format
  }
  # Convert the "timestamp" field extracted by grok into the event's @timestamp (plugin default target).
  # Events that failed grok have no "timestamp" field and will additionally get "_dateparsefailure".
  # Because @timestamp is taken from the log line itself, a client on the tcp/beats inputs controls it.
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]   # convert the time field
  }
}
output {
  # Index every event into a local Elasticsearch.
  elasticsearch {
    hosts => ["http://localhost:9200"]      # Elasticsearch address — plain http to loopback, and no user/password
                                            # or ssl settings are given, so this only works against a cluster with
                                            # security disabled. If the cluster requires auth, add
                                            # user/password (e.g. user => "<ES_USER>") rather than disabling it.
    index => "nginx-logs-%{+YYYY.MM.dd}"    # one index per day, derived from the event's @timestamp — since
                                            # @timestamp comes from the parsed log line, a forged timestamp
                                            # steers an event into an arbitrary (old or future) daily index
  }
  # Also echo every event to the console (optional). Note this duplicates the full event — client IPs,
  # user agents, request paths — into Logstash's stdout/journal, a second copy to retain and protect.
  stdout { codec => rubydebug }
}
# Open the pipeline file for editing. The path is given with a ".con" extension; Logstash's default
# pipeline glob normally picks up *.conf only, so confirm the intended filename before relying on it
# being loaded.
vi /etc/logstash/conf.d/file-to-es.con