Hi everyone,
Here is what I’ve managed so far:
/etc/nginx/nginx.conf
log_format custom '$remote_addr - $remote_user [$time_local]'
'"$request" $status $body_bytes_sent'
'"$http_referer" "$http_user_agent"'
'$request_time $upstream_connect_time';
/etc/telegraf/telegraf.d/logparser.conf
[inputs.logparser.grok]
patterns = ["%{CUSTOM_LOG}"]
custom_patterns = '''
CUSTOM_LOG %{CLIENT:client_ip} %{NOTSPACE:ident} %{NOTSPACE:auth} \[%{HTTPDATE:ts:ts-httpd}\]"(?:%{WORD:verb:tag} %{NOTSPACE:request}(?: HTTP/%{NUMBER:http_version:float})?|%{DATA})" %{NUMBER:resp_code:tag} (?:%{NUMBER:resp_bytes:int}|-)%{QS:referrer} %{QS:agent}%{NUMBER:request_time:float} %{NUMBER:upstream_connect_time:float}
'''
I got data in InfluxDB as I wanted, but sometimes I get this result: “Grok no match found for …”
tail -f /var/log/telegraf/telegraf.log
Grok no match found for: "<ip> - - [02/Mar/2020:18:35:55 +0300]\"GET / HTTP/1.1\" 301 169\"-\" \"Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko\"0.000 -"
Do you have any suggestions?