Unable to convert Nginx access logs in Json Format

Question

This is my nginx log format:

$my_ip - - [12/Dec/2017:12:00:08 +0000] "GET / HTTP/1.1" 200 64972 "http://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7"

I am using Ubuntu 14.04.3 LTS and nginx version: nginx/1.4.6 (Ubuntu).

I have added this in my nginx configuration:

log_format le_json '{"time": "$time_iso8601", '
         '"remote_addr": "$remote_addr", '
         '"remote_user": "$remote_user", '
         '"body_bytes_sent": "$body_bytes_sent", '
         '"request_time": "$request_time", '
         '"status": "$status", '
         '"request": "$request", '
         '"request_method": "$request_method", '
         '"http_referrer": "$http_referer", '
         '"http_user_agent": "$http_user_agent"}';
access_log /var/log/nginx/access.log le_json;

Reference link: https://blog.rapid7.com/2014/08/12/json-logging-in-apache-and-nginx-with-logentries/

I need to parse these logs to logstash in json format.

After adding restarted nginx but nothing changed. Same log format, can someone help?

Where do you use the tagged loggly service in your question? It seems unrelated here. — Filnor, Dec 12 '17 at 12:45

score 0 · Answer 1 · answered Dec 25 '17 at 16:19

0

Why are you doing it like this? Just grok the logs in logstash and you will get them in json format or whatever output format you want.

answered Dec 25 '17 at 16:19

opentokix

843
1
5
11

1

if you put them in json format already, perhaps you can send straigth to loggly and skip logstash which is a resource hog. – mr1031011 Sep 16 '18 at 12:25

Unable to convert Nginx access logs in Json Format

1 Answers1