How I can read this nginx format with logstash?

astropanic · April 17, 2018, 8:07am

I can't get my NGINX logs to be parsable by logstash.

NGINX config:

log_format main '"$http_x_forwarded_for - $remote_user [$time_local]" "$host" "$request" "$status" "$bytes_sent" "$http_referer" "$http_user_agent" "$cookie_client_id" "$request_time"';

Example log line:

"194.76.219.19 - - [17/Apr/2018:09:58:39 +0200]" "www.example.com" "GET /?ping HTTP/1.1" "200" "62786" "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "3294aeff1d3031a4c880ac7497688473" "0.409"

Currently I'm getting messages like:

Provided Grok expressions do not match field value: ["194.76.219.19 - - [17/Apr/2018:09:58:39 +0200]" "www.example.com" "GET /?ping HTTP/1.1" "200" "62786" "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "3294aeff1d3031a4c880ac7497688473" "0.409"]

Badger · April 17, 2018, 11:52am

I would use dissect rather than grok, but what grok pattern are you trying to use?

system · May 15, 2018, 11:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok pattern for custome logs Logstash	1	895	September 28, 2018
Logstash grok pattern for custom nginx access log Logstash	1	687	August 15, 2022
_grokparsefailure and I have no idea Logstash	2	246	November 11, 2020
What is this log nginx grok pattern Logstash	2	511	December 19, 2017
Please help with grok pattern Logstash	8	1900	April 11, 2018

How I can read this nginx format with logstash?

Related Topics