ruanbekker/loki_nginx_regex_access_logs.md

Last active November 5, 2024 13:45

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ruanbekker/cb4ebdc24331661ca120f20b4445ad75.js"></script>
Save ruanbekker/cb4ebdc24331661ca120f20b4445ad75 to your computer and use it in GitHub Desktop.

Download ZIP

Loki Regex LogQL Query for Nginx Access Logs

Raw

loki_nginx_regex_access_logs.md

Access Log:

172.16.4.86 - - [04/Jun/2022:07:58:38 +0000] "GET / HTTP/2.0" 301 280 "-" "curl"

Query in Grafana / Loki:

{job="prod/nginx"} |= "GET / " 
| regexp `(?P<ip>\S+) (?P<identd>\S+) (?P<user>\S+) \[(?P<timestamp>[\w:\/]+\s[+\\-]\d{4})\] "(?P<action>\S+)\s?(?P<path>\S+)\s?(?P<protocol>\S+)?" (?P<status>\d{3}|-) (?P<size>\d+|-)\s?"?(?P<referrer>[^\"]*)"?\s?"?(?P<useragent>[^\"]*)?"?`

More examples:

https://github.com/ruanbekker/cheatsheets/blob/master/loki/logql/README.md

References:

https://grafana.com/blog/2020/10/28/loki-2.0-released-transform-logs-as-youre-querying-them-and-set-up-alerts-within-loki/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment