What is this log nginx grok pattern

omid · November 21, 2017, 12:34pm

Hi
what is this log nginx grok pattern !?

100.100.100.100 - - [21/Nov/2017:11:04:13 +0330] "GET /bookmarklet.js?1511247 HTTP/1.0" 200 16077 "http://mywebsite.ir/video/3911/خانه" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" length 1263 rtime 0.059 uri /index.php realip 10.11.12.13

log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" length $request_length rtime $request_time uri $uri'
' realip $http_x_real_ip';

theuntergeek · November 21, 2017, 2:31pm

I recommend not using grok, if you can control that log_format. Use pipe delimiters or something else not found in a URL, and then use the dissect filter instead.

system · December 19, 2017, 2:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok pattern for custome logs Logstash	1	895	September 28, 2018
How I can read this nginx format with logstash? Logstash	2	478	May 15, 2018
Please help with grok pattern Logstash	8	1900	April 11, 2018
Logstash grok pattern for custom nginx access log Logstash	1	687	August 15, 2022
Grok patterns for nginx Elasticsearch	2	154	October 10, 2023

What is this log nginx grok pattern

Related Topics