forked from jbsky/graylog
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathextractor_Nginx.json
More file actions
97 lines (97 loc) · 3.1 KB
/
extractor_Nginx.json
File metadata and controls
97 lines (97 loc) · 3.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
{
"extractors": [
{
"title": "Nginx Extractor format '\"$http_x_forwarded_for\" - $remote_user [$time_local] \"host: $host\" \"$request\" ' '$status $body_bytes_sent \"$http_referer\" ' '\"$http_user_agent\" $request_time \"$http_x_forwarded_proto\"'",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "nginx: \"%{IPORHOST:SourceNginxIP}\" - - \\[%{HTTPDATE:http_date}\\] \"host: %{HOSTNAME:http_hostname}\" \"%{WORD:http_method} %{URIPATH:uripath} %{DATA:http_version}\" %{INT:http_coderetour} %{INT:http_length} \"%{DATA:http_url}\" \"%{DATA:http_useragent}\" %{BASE16FLOAT:http_timeelapsed} \"%{WORD:http_backendproto}\""
},
"condition_type": "regex",
"condition_value": "^nginx: \".*"
},
{
"title": "SourceNginxIP geo-lookup-country",
"extractor_type": "lookup_table",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "SourceNginxIP",
"target_field": "SourceNginxCountry",
"extractor_config": {
"lookup_table_name": "geo-lookup-country"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "SourceNginxIP geo-lookup-city",
"extractor_type": "lookup_table",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "SourceNginxIP",
"target_field": "SourceNginxCity",
"extractor_config": {
"lookup_table_name": "geo-lookup-city"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "SourceNginxIP geo-lookup-asn",
"extractor_type": "lookup_table",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "SourceNginxIP",
"target_field": "SourceNginxASN",
"extractor_config": {
"lookup_table_name": "geo-lookup-asn"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "SourceNginxCity -> City",
"extractor_type": "copy_input",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "SourceNginxCity",
"target_field": "City",
"extractor_config": {},
"condition_type": "none",
"condition_value": ""
},
{
"title": "SourceNginxCountry -> Country",
"extractor_type": "copy_input",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "SourceNginxCountry",
"target_field": "Country",
"extractor_config": {},
"condition_type": "none",
"condition_value": ""
},
{
"title": "SourceNginxASN -> ASN",
"extractor_type": "copy_input",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "SourceNginxASN",
"target_field": "Country",
"extractor_config": {},
"condition_type": "none",
"condition_value": ""
}
],
"version": "5.0.0"
}