NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Nginx fields
editNginx fields
editModule for parsing the Nginx log files.
nginx fields
editFields from the Nginx log files.
access fields
editContains fields for the Nginx access logs.
-
nginx.access.remote_ip_list
-
type: array
An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like
X-Forwarded-For
. See also theremote_ip
field. -
nginx.access.remote_ip
-
type: keyword
Client IP address. The first public IP address from the
remote_ip_list
array. If no public IP addresses are present, this field contains the first private IP address from theremote_ip_list
array. -
nginx.access.user_name
-
type: keyword
The user name used when basic authentication is used.
-
nginx.access.method
-
type: keyword
example: GET
The request HTTP method.
-
nginx.access.url
-
type: keyword
The request HTTP URL.
-
nginx.access.http_version
-
type: keyword
The HTTP version.
-
nginx.access.response_code
-
type: long
The HTTP response code.
-
nginx.access.body_sent.bytes
-
type: long
format: bytes
The number of bytes of the server response body.
-
nginx.access.referrer
-
type: keyword
The HTTP referrer.
-
nginx.access.agent
-
type: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent fields
editContains the parsed User agent field. Only present if the user agent Elasticsearch plugin is available and used.
-
nginx.access.user_agent.device
-
type: keyword
The name of the physical device.
-
nginx.access.user_agent.major
-
type: long
The major version of the user agent.
-
nginx.access.user_agent.minor
-
type: long
The minor version of the user agent.
-
nginx.access.user_agent.patch
-
type: keyword
The patch version of the user agent.
-
nginx.access.user_agent.name
-
type: keyword
example: Chrome
The name of the user agent.
-
nginx.access.user_agent.os
-
type: keyword
The name of the operating system.
-
nginx.access.user_agent.os_major
-
type: long
The major version of the operating system.
-
nginx.access.user_agent.os_minor
-
type: long
The minor version of the operating system.
-
nginx.access.user_agent.os_name
-
type: keyword
The name of the operating system.
-
nginx.access.user_agent.original
-
type: text
Original user agent value before parsing by ingest-user-agent plugin.
Field is not indexed.
geoip fields
editContains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
-
nginx.access.geoip.continent_name
-
type: keyword
The name of the continent.
-
nginx.access.geoip.country_iso_code
-
type: keyword
Country ISO code.
-
nginx.access.geoip.location
-
type: geo_point
The longitude and latitude.
-
nginx.access.geoip.region_name
-
type: keyword
The region name.
-
nginx.access.geoip.city_name
-
type: keyword
The city name.
-
nginx.access.geoip.region_iso_code
-
type: keyword
Region ISO code.
error fields
editContains fields for the Nginx error logs.
-
nginx.error.level
-
type: keyword
Error level (e.g. error, critical).
-
nginx.error.pid
-
type: long
Process identifier (PID).
-
nginx.error.tid
-
type: long
Thread identifier.
-
nginx.error.connection_id
-
type: long
Connection identifier.
-
nginx.error.message
-
type: text
The error message