Default nginx log format (combined) and grok pattern
log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';
NGINX_ACCESS %{IPORHOST:remote_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:time_local}\] \"%{DATA:request}\" %{INT:status} %{NUMBER:bytes_sent} \"%{DATA:http_referer}\" \"%{DATA:http_user_agent}\"
input {
  file {
    type => "nginx"
    start_position => "beginning"
    path => [ "/var/log/nginx/*.log" ]
  }
}
filter {
  if [type] == "nginx" {
    grok {
      # Directory holding the file that defines NGINX_ACCESS
      patterns_dir => "/etc/logstash/patterns"
      match => { "message" => "%{NGINX_ACCESS}" }
      # remove_tag and add_tag are applied only when the match succeeds
      remove_tag => [ "_grokparsefailure" ]
      add_tag => [ "nginx_access" ]
    }
    geoip {
      # Look up the client address extracted by the grok pattern
      source => "remote_addr"
    }
  }
}
output {
  redis {
    host => "<your redis host>"
    data_type => "list"
    key => "logstash"
    codec => json
  }
}
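
An added example, not part of the gist: a Python approximation of the NGINX_ACCESS pattern for checking which log lines it would fail to parse before the pipeline is deployed. The sub-pattern regexes in `GROK` are simplified assumptions, `compile_grok`, `parse` and `unparsed` are hypothetical helper names, and the sample lines are constructed.

```python
import re

# Simplified stand-ins for the stock grok sub-patterns (assumption: the real
# IPORHOST and HTTPDATE are stricter; USERNAME matches the stock definition).
GROK = {
    "IPORHOST": r"[0-9A-Za-z.:-]+",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "DATA": r".*?",
    "INT": r"[+-]?\d+",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
}

# The NGINX_ACCESS pattern from the gist, unchanged.
NGINX_ACCESS = (
    r'%{IPORHOST:remote_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:time_local}\] '
    r'\"%{DATA:request}\" %{INT:status} %{NUMBER:bytes_sent} '
    r'\"%{DATA:http_referer}\" \"%{DATA:http_user_agent}\"'
)

def compile_grok(pattern):
    """Expand each %{NAME:field} reference into a named regex group."""
    expand = lambda m: "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

ACCESS_RE = compile_grok(NGINX_ACCESS)

def parse(line):
    """Return the extracted fields, or None where grok would tag _grokparsefailure."""
    m = ACCESS_RE.search(line)  # grok matches are unanchored, like re.search
    return m.groupdict() if m else None

def unparsed(lines):
    """Lines the pattern misses; these events would reach the output without fields."""
    return [line for line in lines if parse(line) is None]

# Constructed sample lines in nginx "combined" format (not from a real server).
SAMPLES = [
    # Anonymous request: $remote_user is logged as "-".
    r'203.0.113.7 - - [27/Sep/2017:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.55.1"',
    # Basic-auth user name containing "@", which USERNAME does not allow.
    r'203.0.113.7 - alice@example.com [27/Sep/2017:10:15:33 +0000] "GET /admin HTTP/1.1" 401 195 "-" "Mozilla/5.0"',
    # nginx writes a double quote inside a variable as \x22, so the field boundary holds.
    r'198.51.100.9 - bob [27/Sep/2017:10:15:34 +0000] "GET / HTTP/1.1" 200 612 "-" "test\x22 agent"',
]

if __name__ == "__main__":
    for line in unparsed(SAMPLES):
        print("would not parse:", line)
```
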
tobiasvl commented Sep 27, 2017

Does this pattern do anything that the included COMBINEDAPACHELOG pattern doesn't do, except make sure that USER is -?
