Need help how to parse such log from Kubernetes nginx pod


(Igor Gerasimow) #1

Hello - desperately asking for help with logs from nginx on kubernetes.

{"log":"10.128.0.21 - - [24/May/2017:10:12:32 +0000] \"GET /pp/apiv2/personprofile/check_summ/na/A%20Bird%20of%20Prey%20 HTTP/1.1\" 200 259 \"-\" \"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)\" \"-\"\n","stream":"stdout","time":"2017-05-24T10:12:32.641649296Z"}

Seems it should be the same as for %{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields} - but it does not.
Please HELP.


(Mark Walkom) #2

Have you tried http://grokdebug.herokuapp.com/?


(Magnus B├Ąck) #3

Are you using a json filter or json_lines codec to deserialize the JSON into discrete fields (and applying the grok filter to the log field)?


(Igor Gerasimow) #4

No - i'm not.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.