Regex path Nginx log

Can someone help me extract the path only from these examples, please?

- - [02/Oct/2018:16:29:27 +0300] "GET /otp/validation?code=028041&user=14708515&useragent=android HTTP/1.1" 200 197 "-" "Go-http-client/1.1" "0.017"
- - [02/Oct/2018:17:10:08 +0700] "GET /otp/generate?user=1201 HTTP/1.1" 200 157 "-" "Go-http-client/1.1" "0.008"
- - [02/Oct/2018:17:10:08 +0700] "POST /otp/request HTTP/1.0" 200 131 "-" "okhttp/3.8.1" "0.195"
- - [02/Oct/2018:17:11:48 +0700] "POST /otp/get-validation-status?user_id=10017643&otp_type=200 HTTP/1.0" 200 232 "-" "okhttp/3.8.1" "0.001"

I am using this regex \] "(GET|POST) (.+?)\?.* but the result is GET or POST. If I am using this regex \] "POST (.+?)\s.*. That regex is for POST only; if I am using it for the GET method, the result is HTTP/1.1.
How do I extract /otp/any-path/ in the GET and POST methods?
Thank you

I used this one \"((POST|GET) (.+?))\s.* but it displayed POST and the path. How do I throw away the POST or GET?

I would recommend using Grok Patterns to extract the data you want. Grok Debugger actually has an existing grok pattern for Nginx access logs:

NGINXACCESS %{IPORHOST:clientip} %{NGUSER:ident} %{NGUSER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response}  (?:%{NUMBER:bytes}|-) (?:"(?:%{URI:referrer}|-)"|%{QS:referrer}) %{QS:agent} %{QS:xforwardedfor} %{IPORHOST:host} %{BASE10NUM:request_duration}

If you want to keep regex instead of the good solution provided by megan201296:

Noted!
Thank you so much for sharing it.
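
The regex route asked about in the thread, as an added example that is not part of any original post: a non-capturing group drops the method, and the path capture stops at "?" so query-string values such as the OTP code and user id never reach the extracted field. The function names and the fifth (malformed) sample line are constructed for illustration; the other four lines are the ones from the question.

```python
import re
from collections import Counter

# Matches the request field that follows the "]" closing the timestamp.
# (?:[A-Z]+) groups the method without capturing it, so "path" is the only
# capture; [^?\s"]* stops at "?", whitespace or the closing quote, which
# leaves the query string (here: OTP code, user id) out of the result.
REQUEST_PATH = re.compile(
    r'\] "(?:[A-Z]+) (?P<path>/[^?\s"]*)(?:\?[^\s"]*)? HTTP/\d(?:\.\d)?"'
)


def extract_path(line):
    """Return the URI path without its query string, or None if the
    line has no well-formed request field."""
    m = REQUEST_PATH.search(line)
    return m.group("path") if m else None


# Sample input: four lines from the question, plus one constructed line
# with a malformed request field (non-HTTP bytes answered with a 400).
SAMPLE = [
    r'- - [02/Oct/2018:16:29:27 +0300] "GET /otp/validation?code=028041&user=14708515&useragent=android HTTP/1.1" 200 197 "-" "Go-http-client/1.1" "0.017"',
    r'- - [02/Oct/2018:17:10:08 +0700] "GET /otp/generate?user=1201 HTTP/1.1" 200 157 "-" "Go-http-client/1.1" "0.008"',
    r'- - [02/Oct/2018:17:10:08 +0700] "POST /otp/request HTTP/1.0" 200 131 "-" "okhttp/3.8.1" "0.195"',
    r'- - [02/Oct/2018:17:11:48 +0700] "POST /otp/get-validation-status?user_id=10017643&otp_type=200 HTTP/1.0" 200 232 "-" "okhttp/3.8.1" "0.001"',
    r'- - [02/Oct/2018:17:12:30 +0700] "\x16\x03\x01" 400 173 "-" "-" "0.000"',
]


def path_counts(lines):
    """Count requests per path, skipping lines that do not parse."""
    return Counter(p for p in map(extract_path, lines) if p is not None)


if __name__ == "__main__":
    for path, n in path_counts(SAMPLE).items():
        print(n, path)
```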
