I can't get my NGINX logs to be parsable by logstash.
NGINX config:
log_format main '"$http_x_forwarded_for - $remote_user [$time_local]" "$host" "$request" "$status" "$bytes_sent" "$http_referer" "$http_user_agent" "$cookie_client_id" "$request_time"';
Example log line:
"194.76.219.19 - - [17/Apr/2018:09:58:39 +0200]" "www.example.com" "GET /?ping HTTP/1.1" "200" "62786" "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "3294aeff1d3031a4c880ac7497688473" "0.409"
Currently I'm getting messages like:
Provided Grok expressions do not match field value: ["194.76.219.19 - - [17/Apr/2018:09:58:39 +0200]" "www.example.com" "GET /?ping HTTP/1.1" "200" "62786" "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "3294aeff1d3031a4c880ac7497688473" "0.409"]