Data Source: Nginx Access

Description

Data source object for Nginx Access

Details

| Property | Value |
|----------|-------|
| Source | /var/log/nginx/access.log |
| Sourcetype | nginx:plus:kv |

Event Fields

Fields:

- _time
- action
- app
- bytes
- bytes_in
- bytes_out
- category
- date_hour
- date_mday
- date_minute
- date_month
- date_second
- date_wday
- date_year
- date_zone
- dest
- dest_ip
- dest_port
- eventtype
- host
- http_content_type
- http_method
- http_referer
- http_user_agent
- http_user_agent_length
- http_x_forwarded_for
- http_x_header
- https
- index
- linecount
- nginx_version
- product
- protocol
- punct
- request_time
- response_time
- server
- site
- source
- sourcetype
- splunk_server
- src
- src_ip
- status
- status_description
- status_type
- tag
- tag::eventtype
- time_local
- timeendpos
- timestartpos
- uri_path
- url
- url_domain
- url_length
- vendor
- vendor_product
- version
- web_server

Example Log

site="www.example.com" server="www.example.com" dest_port="443" dest_ip="192.0.2.1" src="198.51.100.1" src_ip="198.51.100.1" user="-" time_local="22/Feb/2024:13:00:00 -0500" protocol="HTTP/1.1" status="200" bytes_out="1073741000" bytes_in="234" http_referer="-" http_user_agent="python-requests/2.25.1" nginx_version="1.18.0" http_x_forwarded_for="-" http_x_header="-" uri_query="-" uri_path="/wp-json/bricks/v1/render_element" http_method="POST" response_time="0.250" cookie="-" request_time="0.650" category="application/json" https="on"

Source: GitHub | Version: 1