(nginx log)
…
192.168.75.130 - - [23/Apr/2017:10:03:34 +0300] "GET /elasticsearch/_site/vendor.js HTTP/1.1" 304 0 "http://sandbox.srv.tuxera.com:3005/elasticsearch/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
…
…
{"@timestamp":"2017-04-23T07:55:37.886Z","beat":{"hostname":"sandbox.srv.tuxera.com","name":"sandbox.srv.tuxera.com","version":"5.2.2"},"input_type":"log","message":"192.168.75.130 - - [23/Apr/2017:10:03:34 +0300] \"GET /elasticsearch/_site/vendor.js HTTP/1.1\" 304 0 \"http://sandbox.srv.tuxera.com:3005/elasticsearch/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36\"","offset":1595,"source":"/var/log/nginx/access.log","type":"log"}
…
Filebeat: log collection · Logstash: log processing · Elasticsearch: log storing · Kibana: log visualization · access.log · ELK stack
…
{"client":"192.168.75.130","time":"23/Apr/2017:10:03:34 +0300","request":"GET","path":"/elasticsearch/_site/vendor.js","response":"304","host":"sandbox.srv.tuxera.com","client":"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36\"","beat":{"hostname":"sandbox.srv.tuxera.com","name":"sandbox.srv.tuxera.com","version":"5.2.2","offset":1595,"source":"/var/log/nginx/access.log","type":"log"}}
[Note: the key "client" appears twice in this event, first for the client IP and then for the user-agent string. JSON object keys should be unique; most parsers keep only the last value, which would drop the client IP here, so the user-agent string needs its own field name. The stored document below repeats the same duplicate.]
…
…
{ "_index" : "logstash-2017-04-23", "_type" : "log", "_id" : "AVmDwg6kHxnroGLuXlMG", "_version" : 1, "found": true, "_source" : {"client":"192.168.75.130","time":"23/Apr/2017:10:03:34 +0300","request":"GET","path":"/elasticsearch/_site/vendor.js","response":"304","host":"sandbox.srv.tuxera.com","client":"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36\"","beat":{"hostname":"sandbox.srv.tuxera.com","name":"sandbox.srv.tuxera.com","version":"5.2.2","offset":1595,"source":"/var/log/nginx/access.log","type":"log"}}}