New

The executive guide to generative AI

Read more

Nginx Fields

edit

Module for parsing the Nginx log files.

nginx Fields

edit

Fields from the Nginx log files.

access Fields

edit

Contains fields for the Nginx access logs.

nginx.access.remote_ip_list

edit

type: list

An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like X-Forwarded-For. See also the remote_ip field.

nginx.access.remote_ip

edit

type: keyword

Client IP address. The first public IP address from the remote_ip_list array. If no public IP addresses are present, this field contains the first private IP address from the remote_ip_list array.

nginx.access.user_name

edit

type: keyword

The user name used when basic authentication is used.

nginx.access.method

edit

type: keyword

example: GET

The request HTTP method.

nginx.access.url

edit

type: keyword

The request HTTP URL.

nginx.access.http_version

edit

type: keyword

The HTTP version.

nginx.access.response_code

edit

type: long

The HTTP response code.

nginx.access.body_sent.bytes

edit

type: long

format: bytes

The number of bytes of the server response body.

nginx.access.referrer

edit

type: keyword

The HTTP referrer.

nginx.access.agent

edit

type: text

Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.

user_agent Fields

edit

Contains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.

nginx.access.user_agent.device

edit

type: keyword

The name of the physical device.

nginx.access.user_agent.major

edit

type: long

The major version of the user agent.

nginx.access.user_agent.minor

edit

type: long

The minor version of the user agent.

nginx.access.user_agent.patch

edit

type: keyword

The patch version of the user agent.

nginx.access.user_agent.name

edit

type: keyword

example: Chrome

The name of the user agent.

nginx.access.user_agent.os

edit

type: keyword

The name of the operating system.

nginx.access.user_agent.os_major

edit

type: long

The major version of the operating system.

nginx.access.user_agent.os_minor

edit

type: long

The minor version of the operating system.

nginx.access.user_agent.os_name

edit

type: keyword

The name of the operating system.

geoip Fields

edit

Contains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.

nginx.access.geoip.continent_name

edit

type: keyword

The name of the continent.

nginx.access.geoip.country_iso_code

edit

type: keyword

Country ISO code.

nginx.access.geoip.location

edit

type: geo_point

The longitude and latitude.

nginx.access.geoip.region_name

edit

type: keyword

The region name.

nginx.access.geoip.city_name

edit

type: keyword

The city name.

error Fields

edit

Contains fields for the Nginx error logs.

nginx.error.level

edit

type: keyword

Error level (e.g. error, critical).

nginx.error.pid

edit

type: long

Process identifier (PID).

nginx.error.tid

edit

type: long

Thread identifier.

nginx.error.connection_id

edit

type: long

Connection identifier.

nginx.error.message

edit

type: text

The error message