Collecting nginx logs with Logstash grok

Posted on 2019-08-17 | Category: ELK

1. Log format

```shell
'"$remote_addr"\t"$http_x_forwarded_for"\t"$remote_user"\t"$time_local"\t"$request"\t"$request_time"\t"$status"\t"$body_bytes_sent"\t"$upstream_addr"\t"$upstream_response_time"\t"$http_referer"\t"$http_user_agent"'
```

2. Log content

```shell
"192.168.1.140" "-" "-" "14/Aug/2019:14:07:28 +0800" "POST /account/getUserInfo HTTP/1.1" "0.031" "200" "486" "192.168.1.220:8081" "0.029" "http://192.168.1.140/home" "Mozilla/5.0 (Linux; Android 8.1; Redmi 5 Plus Build/OPM1.171019.019) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Crosswalk/23.53.589.4 Mobile Safari/537.36"
```

3. grok pattern

```shell
"%{IPORHOST:clientip}"\s"(?:%{IPORHOST:http_x_forwarded_for}|-)"\s"%{USER:auth}"\s"%{HTTPDATE:timestamp}"\s"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}"\s"%{NUMBER:request_time}"\s"%{INT:status}"\s"%{INT:body_bytes_sent}"\s"(?:%{HOSTPORT:upstream}|-)"\s"%{NUMBER:upstream_response_time}"\s"%{DATA:referer}"\s"%{DATA:agent}"
```

4. Log format

```shell
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" $request_time $upstream_response_time';
```

The matching grok pattern:

```shell
%{IPORHOST:clientip} - %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{INT:status} %{INT:body_bytes_sent} "%{DATA:referer}" "%{DATA:http_user_agent}" "(?:%{IPORHOST:http_x_forwarded_for}|-)" %{NUMBER:request_time} (?:%{NUMBER:upstream_response_time}|-)
```
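An offline check of the section 3 pattern against the section 2 sample, as an added example (not code from the original post). `PATTERNS` holds simplified stand-ins for the stock grok definitions, the helper names are introduced here, and the two extra log lines are constructed; both fail to parse, which in Logstash means a `_grokparsefailure` tag, so such events should be kept and reviewed rather than dropped.

```python
import re

# Simplified stand-ins for the stock grok patterns (assumption: the definitions
# shipped with Logstash are broader; these cover the values this format logs).
HOST = r"(?:\d{1,3}(?:\.\d{1,3}){3}|[A-Za-z0-9][A-Za-z0-9.-]*)"
PATTERNS = {
    "IPORHOST": HOST, "HOSTPORT": HOST + r":\d+", "USER": r"[A-Za-z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+", "URIPATHPARAM": r'/[^\s"]*',
    "NUMBER": r"[+-]?\d+(?:\.\d+)?", "INT": r"[+-]?\d+", "DATA": r".*?",
}

# Section 3 pattern, one quoted field per variable of the section 1 log_format.
GROK = (r'"%{IPORHOST:clientip}"\s"(?:%{IPORHOST:http_x_forwarded_for}|-)"\s'
        r'"%{USER:auth}"\s"%{HTTPDATE:timestamp}"\s'
        r'"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}"\s'
        r'"%{NUMBER:request_time}"\s"%{INT:status}"\s"%{INT:body_bytes_sent}"\s'
        r'"(?:%{HOSTPORT:upstream}|-)"\s"%{NUMBER:upstream_response_time}"\s'
        r'"%{DATA:referer}"\s"%{DATA:agent}"')

def grok_to_regex(grok):
    """Expand each %{NAME:field} into a named capture group, as grok does."""
    expand = lambda m: "(?P<%s>%s)" % (m.group(2), PATTERNS[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, grok))

LINE_RE = grok_to_regex(GROK)

def parse(line):
    """Captured fields, or None where Logstash tags _grokparsefailure."""
    m = LINE_RE.search(line)  # grok is unanchored unless the pattern adds ^ and $
    return m.groupdict() if m else None

def line(fields):
    """Build a log line in the section 1 format: quoted fields joined by tabs."""
    return "\t".join('"%s"' % f for f in fields)

# Fields of the section 2 sample in log_format order (user agent shortened).
SAMPLE = ["192.168.1.140", "-", "-", "14/Aug/2019:14:07:28 +0800",
          "POST /account/getUserInfo HTTP/1.1", "0.031", "200", "486",
          "192.168.1.220:8081", "0.029", "http://192.168.1.140/home",
          "Mozilla/5.0 (Linux; Android 8.1; Redmi 5 Plus)"]
# Constructed: X-Forwarded-For carrying a two-address proxy chain.
XFF_CHAIN = SAMPLE[:1] + ["203.0.113.7, 10.0.0.5"] + SAMPLE[2:]
# Constructed: non-HTTP bytes, answered with 400 and never sent upstream.
BAD_REQUEST = SAMPLE[:4] + [r"\x16\x03\x01", "0.000", "400", "157"] + ["-"] * 4

if __name__ == "__main__":
    for name, f in [("sample", SAMPLE), ("xff", XFF_CHAIN), ("bad", BAD_REQUEST)]:
        print(name, "->", parse(line(f)) or "_grokparsefailure")
```

The `X-Forwarded-For` value is supplied by the client or by intermediate proxies, so a chain of addresses is normal traffic that this pattern does not capture.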