Need regex for sample nginx log to configure extractor

Dear all,

Someone please help with a complete regex for the below sample log.

1xx.2xx.3x.4xx - - [1/Apr/2022:05:54:15 -0700 - 0.014] 200 "GET /application/subfield/private_session.aspx?m=xxxxx.xxxxxd0428f6695dc8x HTTP/2.0" 2 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" "-"

I can extract only the URL part using "(?:POST|GET|DELETE|PUT|HEAD|OPTIONS|CONNECT)\s(.*?)\sHTTP/\d.\d ".

Can someone please help with a complete regex for the above nginx log? The idea is to extract srcip, user, timestamp, application name, useragent, etc.

Thank you.


You may have more luck putting together a GROK pattern for that. I started one out here, shouldn’t be too hard to finish off…


Hey @13rn3r

Can I ask what type of input you're using and how you're sending these logs?
I assume you want the whole message from nginx broken down into fields?
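
An added example, not written by any poster in this thread: a Python parser for the log layout in the question, using one regex with named groups and handling requests that do not split into method, URL and protocol. The group names, the reading of `0.014` as request time and `2` as bytes sent, the first path segment as the application name, and both sample lines are assumptions.

```python
import re
from datetime import datetime

# Typographic quotes (as forum software renders them) are mapped back to plain ones.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})

# Group names are assumptions inferred from field position; the post does not
# show the nginx log_format directive behind the line.
LINE_RE = re.compile(
    r'^(?P<src_ip>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<timestamp>[^\]]+?) - (?P<request_time>\d+(?:\.\d+)?)\] '
    r'(?P<status>\d{3}) "(?P<request>[^"]*)" (?P<bytes_sent>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<last_field>[^"]*)"$'
)

def parse_line(line):
    """Return a dict of fields, or None when the line does not fit the layout."""
    m = LINE_RE.match(line.strip().translate(QUOTES))
    if m is None:
        return None
    f = m.groupdict()
    f["status"] = int(f["status"])
    f["bytes_sent"] = int(f["bytes_sent"])
    f["request_time"] = float(f["request_time"])
    try:
        f["timestamp"] = datetime.strptime(
            f["timestamp"], "%d/%b/%Y:%H:%M:%S %z").isoformat()
    except ValueError:
        return None
    # Requests that are not "METHOD URL PROTO" keep only the raw request field.
    parts = f["request"].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        f["method"], f["url"], f["protocol"] = parts
        path = f["url"].split("?", 1)[0]
        f["application"] = path.strip("/").split("/")[0] or None
    else:
        f["method"] = f["url"] = f["protocol"] = f["application"] = None
    return f

# Constructed sample lines in the layout of the post (IPs are documentation addresses).
SAMPLE = ('203.0.113.7 - - [1/Apr/2022:05:54:15 -0700 - 0.014] 200 '
          '"GET /application/subfield/private_session.aspx?m=abc123 HTTP/2.0" 2 "" '
          '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)" "-"')
MALFORMED = ('203.0.113.9 - - [1/Apr/2022:05:55:02 -0700 - 0.000] 400 '
             '"\\x16\\x03\\x01" 0 "" "-" "-"')

if __name__ == "__main__":
    for line in (SAMPLE, MALFORMED):
        print(parse_line(line))
```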