NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Nginx fieldsedit
Module for parsing the Nginx log files.
nginx fieldsedit
Fields from the Nginx log files.
access fieldsedit
Contains fields for the Nginx access logs.
-
nginx.access.remote_ip_list
-
type: array
An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like
X-Forwarded-For
. See also theremote_ip
field. -
nginx.access.remote_ip
-
type: keyword
Client IP address. The first public IP address from the
remote_ip_list
array. If no public IP addresses are present, this field contains the first private IP address from theremote_ip_list
array. -
nginx.access.user_name
-
type: keyword
The user name used when basic authentication is used.
-
nginx.access.method
-
type: keyword
example: GET
The request HTTP method.
-
nginx.access.url
-
type: keyword
The request HTTP URL.
-
nginx.access.http_version
-
type: keyword
The HTTP version.
-
nginx.access.response_code
-
type: long
The HTTP response code.
-
nginx.access.body_sent.bytes
-
type: long
format: bytes
The number of bytes of the server response body.
-
nginx.access.referrer
-
type: keyword
The HTTP referrer.
-
nginx.access.agent
-
type: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent fieldsedit
Contains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.
-
nginx.access.user_agent.device
-
type: keyword
The name of the physical device.
-
nginx.access.user_agent.major
-
type: long
The major version of the user agent.
-
nginx.access.user_agent.minor
-
type: long
The minor version of the user agent.
-
nginx.access.user_agent.patch
-
type: keyword
The patch version of the user agent.
-
nginx.access.user_agent.name
-
type: keyword
example: Chrome
The name of the user agent.
-
nginx.access.user_agent.os
-
type: keyword
The name of the operating system.
-
nginx.access.user_agent.os_major
-
type: long
The major version of the operating system.
-
nginx.access.user_agent.os_minor
-
type: long
The minor version of the operating system.
-
nginx.access.user_agent.os_name
-
type: keyword
The name of the operating system.
-
nginx.access.user_agent.original
-
type: text
Original user agent value before parsing by ingest-user-agent plugin.
Field is not indexed.
geoip fieldsedit
Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
-
nginx.access.geoip.continent_name
-
type: keyword
The name of the continent.
-
nginx.access.geoip.country_iso_code
-
type: keyword
Country ISO code.
-
nginx.access.geoip.location
-
type: geo_point
The longitude and latitude.
-
nginx.access.geoip.region_name
-
type: keyword
The region name.
-
nginx.access.geoip.city_name
-
type: keyword
The city name.
-
nginx.access.geoip.region_iso_code
-
type: keyword
Region ISO code.
error fieldsedit
Contains fields for the Nginx error logs.
-
nginx.error.level
-
type: keyword
Error level (e.g. error, critical).
-
nginx.error.pid
-
type: long
Process identifier (PID).
-
nginx.error.tid
-
type: long
Thread identifier.
-
nginx.error.connection_id
-
type: long
Connection identifier.
-
nginx.error.message
-
type: text
The error message