lnav/src/formats/elb_log.json at master · tstack/lnav · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
{
    "$schema": "https://lnav.org/schemas/format-v1.schema.json",
    "elb_log": {
        "title": "Amazon ELB log",
        "description": "Log format for Amazon Elastic Load Balancers",
        "url": "http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/access-log-collection.html",
        "regex": {
            "std": {
                "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{6}Z) (?<elb>[^ ]+) (?<client_ip>[\\w\\.:]+):(?<client_port>\\d+) (?<backend_ip>[\\w\\.:]+):(?<backend_port>\\d+) (?<request_processing_time>\\d+(\\.\\d+)?) (?<backend_processing_time>\\d+(\\.\\d+)?) (?<response_processing_time>\\d+(\\.\\d+)?) (?<elb_status_code>\\d+|-) (?<backend_status_code>\\d+|-) (?<received_bytes>\\d+) (?<sent_bytes>\\d+) \"(?:\\-|(?<cs_method>\\w+|-) (?<cs_uri_whole>(?<cs_uri_stem>(?:(?<cs_uri_scheme>https|http)?://)?(?:(?<cs_uri_hostname>[^:]+):(?<cs_uri_port>\\d+)?)?(?<cs_uri_path>[^ \\?]+)?)(?:\\?(?<cs_uri_query>[^ ]*))?) (?<cs_version>[\\w/\\.]+|-)\\s*)\" \"(?<user_agent>[^\"]+)\" (?<ssl_cipher>[\\w-]+) (?<ssl_protocol>[\\w\\.-]+)(?<body>.*)"
            }
        },
        "level-field": "elb_status_code",
        "level": {
            "error": "^[^123].*"
        },
        "opid": {
            "description": {
                "std": {
                    "format": [
                        {
                            "field": "client_ip"
                        },
                        {
                            "field": "user_agent"
                        }
                    ]
                }
            }
        },
        "value": {
            "elb": {
                "kind": "string",
                "identifier": true
            },
            "client_ip": {
                "kind": "string",
                "collate": "ipaddress",
                "identifier": true
            },
            "client_port": {
                "kind": "integer",
                "foreign-key": true
            },
            "backend_ip": {
                "kind": "string",
                "collate": "ipaddress",
                "identifier": true
            },
            "backend_port": {
                "kind": "integer",
                "foreign-key": true
            },
            "request_processing_time": {
                "kind": "float"
            },
            "backend_processing_time": {
                "kind": "float"
            },
            "response_processing_time": {
                "kind": "float"
            },
            "elb_status_code": {
                "kind": "integer",
                "foreign-key": true
            },
            "backend_status_code": {
                "kind": "integer",
                "foreign-key": true
            },
            "received_bytes": {
                "kind": "integer"
            },
            "sent_bytes": {
                "kind": "integer"
            },
            "cs_method": {
                "kind": "string",
                "identifier": true
            },
            "cs_uri_stem": {
                "kind": "string",
                "identifier": true
            },
            "cs_uri_query": {
                "kind": "string"
            },
            "cs_version": {
                "kind": "string",
                "identifier": true
            },
            "user_agent": {
                "kind": "string",
                "identifier": true
            },
            "ssl_cipher": {
                "kind": "string",
                "identifier": true
            },
            "ssl_protocol": {
                "kind": "string",
                "identifier": true
            },
            "cs_uri_whole" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_uri_scheme" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_uri_hostname" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_uri_port" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_uri_path" : {
                "kind" : "string",
                "identifier" : true
            }
        },
        "sample": [
            {
                "line": "2015-11-17T05:45:24.077255Z elastic-prod 54.161.222.121:40909 10.231.68.180:443 0.000031 0.009511 0.000029 200 200 0 415 \"GET https://example.com/foo/bar?baz=1234 HTTP/1.1\" \"test agent\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2"
            },
            {
                "line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000073 0.001048 0.000057 200 200 0 29 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.38.0\" - -"
            },
            {
                "line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000086 0.001048 0.001337 200 200 0 57 \"GET https://www.example.com:443/ HTTP/1.1\" \"curl/7.38.0\" DHE-RSA-AES128-SHA TLSv1.2"
            },
            {
                "line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001069 0.000028 0.000041 - - 82 305 \"- - - \" \"-\" - -"
            },
            {
                "line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001065 0.000015 0.000023 - - 57 502 \"- - - \" \"-\" ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2"
            }
        ]
    }
}