Class: Log2Json::Filters::NginxAccessLogFilter

Inherits:
GrokFilter
  • Object
Defined in:
lib/log2json/filters/nginx_access.rb

Overview


Constant Summary

Constants inherited from GrokFilter

GrokFilter::CONFIG, GrokFilter::DEFAULT_PATTERNS

Instance Attribute Summary

Attributes inherited from GrokFilter

#name, #type

Instance Method Summary collapse

Constructor Details

#initialize(name, config = {}) ⇒ NginxAccessLogFilter

Returns a new instance of NginxAccessLogFilter.



# File 'lib/log2json/filters/nginx_access.rb', line 10

# Builds a grok filter preconfigured with a single pattern for nginx
# access-log lines and hands it to GrokFilter#initialize.
#
# @param name [Object] forwarded unchanged to GrokFilter#initialize
#   (presumably a label for this filter; confirm against GrokFilter)
# @param config [Hash] options forwarded to GrokFilter#initialize; an optional
#   :type entry overrides the default record type 'nginx-access'
def initialize(name, config={})
  # Thanks to - http://boojapathy.wordpress.com/2012/04/29/logstash-graylog-cant-ask-more-for-logging/
  #
  # Sample line the pattern is meant to match:
  # 10.33.158.237 - - [12/Apr/2013:13:27:54 -0000] "GET /UEFA/news.json?blackberry_native_version=1.9.4&locale=es HTTP/1.1" 200 6495 "-" "-" "-" "-" "-" cache_status:BYPASS
  #
  # Hash#delete removes :type from the hash the caller passed in (the caller's
  # object is mutated); the block supplies the default when the key is absent.
  type = config.delete(:type) {'nginx-access'}
  # The %w tokens are joined with single spaces into one grok pattern string.
  # Inside %w[], `\\\[` / `\\\]` come out as `\[` / `\]`, i.e. literal brackets
  # around the timestamp; the ` +"` that follows allows one or more spaces
  # before the opening quote of the request.
  #
  # Named captures: ip, host, user, datetime, then either method/path/version
  # or, when the request line does not have that shape, the whole quoted text
  # as `request`; then status, size, referrer, user_agent, and everything left
  # on the line as extra_info (in the sample above: the three further quoted
  # fields and cache_status).
  #
  # NOTE(review): path, request, referrer and user_agent are taken from what
  # the HTTP client sent, and extra_info may hold more of the same depending
  # on the nginx log_format. Nothing here sanitises them, so consumers of the
  # resulting record should treat these fields as untrusted text.
  super(type, name, [
    %w[ %{IP:ip}
        (?:%{HOST:host}|-)
        (?:%{USER:user}|-)
        \\\[%{HTTPDATE:datetime}\\\] +"(?:%{WORD:method} %{URIPATHPARAM:path} HTTP/%{NUMBER:version}|%{DATA:request})"
        %{NUMBER:status}
        (?:%{NUMBER:size}|-)
        %{QUOTEDSTRING:referrer}
        %{QUOTEDSTRING:user_agent}
        (?:%{GREEDYDATA:extra_info})
      ].join(' ') ], config
   )
end

Instance Method Details

#filter(record) ⇒ Object



# File 'lib/log2json/filters/nginx_access.rb', line 30

# Runs the inherited grok match, then normalises the record for nginx access
# logs: the captured 'datetime' field becomes the record's '@timestamp' and
# the tags "nginx" and "http" are appended.
#
# @param record [Hash] record to filter; after a successful match it is
#   expected to carry '@fields' (with 'datetime') and '@tags'
# @return [Hash, nil] the same record, modified in place, or nil when the
#   inherited filter returned nil
#
# DateTime.strptime raises when the captured value does not parse with the
# format below; that exception is not rescued here and reaches the caller.
def filter(record)
  matched = super(record)
  return nil if matched.nil?

  fields = record['@fields']
  # Expected shape, e.g. 23/Nov/2012:19:11:10 +0000
  parsed_at = DateTime.strptime(fields['datetime'], "%d/%b/%Y:%T %z")
  record['@timestamp'] = parsed_at
  # The raw string is dropped once it has been promoted to '@timestamp'.
  fields.delete('datetime')
  record['@tags'] << "nginx" << "http"
  record
end