Full NGINX Plus Logs in Sumo Logic

You enabled the additional logging per the NGINX documentation for Amplify, and now you want all of those metrics to show up in Sumo Logic, right?

Here’s what you came for:

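// Field names are assumed; they follow the NGINX variables in the Amplify extended log format.
_sourceCategory="NGINX Plus"
| parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
| parse regex "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP/[\d\.]+\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\"\s\"(?<x_forwarded_for>\S+)\"\s\"(?<host>\S+)\"\ssn=\"(?<server_name>\S+)\"\srt=(?<request_time>\S+)\sua=\"(?<upstream_addr>\S+)\"\sus=\"(?<upstream_status>\S+)\"\sut=\"(?<upstream_response_time>\S+)\"\sul=\"(?<upstream_response_length>\S+)\"\scs=(?<upstream_cache_status>\S+).*"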

Want to play around and learn more about RegEx? I recommend you use this site: http://regexr.com/
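To check the pattern offline before relying on it for monitoring, the following added example (not part of the original post) runs the same two expressions in Python over constructed log lines. The group names and sample lines are assumptions; it shows that the `\S+` groups miss lines where NGINX writes comma-separated lists (retried upstreams, multi-hop X-Forwarded-For), and that a `[^"]*` variant parses them.

```python
import re

# Group names are assumptions (taken from the NGINX variables in Amplify's
# extended log format); both sample lines are constructed for this example.
HEAD = r'^(?P<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
BODY = (r'(?P<method>[A-Z]+)\s(?P<url>\S+)\sHTTP/[\d\.]+"\s(?P<status_code>\d+)\s'
        r'(?P<size>[\d-]+)\s"(?P<referrer>.*?)"\s"(?P<user_agent>.+?)"\s'
        r'"(?P<x_forwarded_for>@V@)"\s"(?P<host>\S+)"\ssn="(?P<server_name>\S+)"\s'
        r'rt=(?P<request_time>\S+)\sua="(?P<upstream_addr>@V@)"\s'
        r'us="(?P<upstream_status>@V@)"\sut="(?P<upstream_response_time>@V@)"\s'
        r'ul="(?P<upstream_response_length>@V@)"\scs=(?P<upstream_cache_status>\S+).*')

STRICT = BODY.replace("@V@", r"\S+")      # quoted values as in the query above
RELAXED = BODY.replace("@V@", r'[^"]*')   # allows "a, b" lists inside the quotes

SINGLE = ('203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" '
          '200 612 "-" "curl/8.0.1" "-" "example.com" sn="example.com" rt=0.012 '
          'ua="10.0.0.5:8080" us="200" ut="0.011" ul="612" cs=-')
# Request retried on a second upstream and forwarded through a proxy:
# NGINX joins the per-upstream values with ", ".
RETRY = ('203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" '
         '200 87 "-" "Mozilla/5.0 (X11; Linux x86_64)" "198.51.100.4, 203.0.113.7" '
         '"example.com" sn="example.com" rt=1.504 '
         'ua="10.0.0.5:8080, 10.0.0.6:8080" us="502, 200" ut="1.001, 0.500" '
         'ul="0, 87" cs=-')


def parse(line, body):
    """Apply both expressions; return a field dict, or None if either misses."""
    head = re.search(HEAD, line)
    rest = re.search(body, line)
    if not (head and rest):
        return None  # in Sumo Logic such a line is dropped unless nodrop is set
    return {**head.groupdict(), **rest.groupdict()}


if __name__ == "__main__":
    for name, line in (("single", SINGLE), ("retry", RETRY)):
        for label, body in (("strict", STRICT), ("relaxed", RELAXED)):
            fields = parse(line, body)
            shown = fields and (fields["status_code"], fields["upstream_status"])
            print(f"{name:6} {label:7} -> {shown}")
```

In the Sumo Logic query, the equivalent change is to use `[^\"]*` instead of `\S+` inside those quoted groups, or to append `nodrop` to the `parse regex` operator so non-matching lines stay in the results.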

References:
NGINX Log File Configuration: https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#additional-nginx-metrics
