What is this log nginx grok pattern

Hi
what is this log nginx grok pattern !?

100.100.100.100 - - [21/Nov/2017:11:04:13 +0330] "GET /bookmarklet.js?1511247 HTTP/1.0" 200 16077 "http://mywebsite.ir/video/3911/خانه" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" length 1263 rtime 0.059 uri /index.php realip 10.11.12.13

log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" length $request_length rtime $request_time uri $uri'
' realip $http_x_real_ip';

I recommend not using grok, if you can control that log_format. Use pipe delimiters or something else not found in a URL, and then use the dissect filter instead.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.