Parse nginx accounting module log using GROK



Now, I am trying to parse log generated by nginx accounting module ( And then insert the data into influxDB

Sample data

telegraf conf

In this example, I’d like to parse “statuses” data as key:value. The influx data looks like below

Processor’s logfmt does not work. Is there any other method ? Please share the config sample.


I don’t think it is possible with this format, it can’t be done with grok because of the dynamic number of fields, and logfmt does not support these delimiters. Any chance you could modify the format of the statuses?


Thank for your reply.
I found another workaround using processors.strings.replace provided from 1.9.x. This is RC version.
There is another problem. When I use processors.strings.replace, it doesn’t work basicstats aggregation plugin.