{ "v": "1", "id": "d7dc82ff-529b-488a-b1de-b12b32e756bb", "rev": 3, "name": "nginx_json_graylog3", "summary": "Graylog 3.0+ compatible version of nginx_json content pack", "description": "", "vendor": "Originally created by petestorey26 and updated by paulbarfuss for graylog3.0+", "url": "https://github.com/paulbarfuss/graylog3-content-pack-nginx-json", "parameters": [], "entities": [ { "v": "1", "type": { "name": "dashboard", "version": "1" }, "id": "b7c3a54b-3ed4-4b73-9452-2731a18846c8", "data": { "title": { "@type": "string", "@value": "NGINX Overview" }, "description": { "@type": "string", "@value": "Overview of requests handled by NGINX" }, "widgets": [ { "id": { "@type": "string", "@value": "ab3138d7-9790-4c71-a804-f59ff5692e0f" }, "description": { "@type": "string", "@value": "Requests last 24h" }, "type": { "@type": "string", "@value": "STREAM_SEARCH_RESULT_COUNT" }, "cache_time": { "@type": "integer", "@value": 10 }, "time_range": { "type": { "@type": "string", "@value": "relative" }, "range": { "@type": "integer", "@value": 300 } }, "configuration": { "timerange": { "type": { "@type": "string", "@value": "relative" }, "range": { "@type": "integer", "@value": 300 } }, "lower_is_better": { "@type": "boolean", "@value": false }, "stream_id": { "@type": "string", "@value": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407" }, "trend": { "@type": "boolean", "@value": false }, "query": { "@type": "string", "@value": "*" } }, "position": null } ] }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "input", "version": "1" }, "id": "fa2ca431-c30d-455d-98b0-9ee703760760", "data": { "title": { "@type": "string", "@value": "nginx access log" }, "configuration": { "expand_structured_data": { "@type": "boolean", "@value": false }, "recv_buffer_size": { "@type": "integer", "@value": 1048576 }, "port": { "@type": "integer", "@value": 12304 }, "number_worker_threads": { "@type": "integer", "@value": 4 }, "force_rdns": { "@type": "boolean", "@value": false }, "allow_override_date": { "@type": "boolean", "@value": true }, "bind_address": { "@type": "string", "@value": "0.0.0.0" }, "store_full_message": { "@type": "boolean", "@value": false } }, "static_fields": { "from_nginx": { "@type": "string", "@value": "true" }, "nginx_access": { "@type": "string", "@value": "true" } }, "type": { "@type": "string", "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput" }, "global": { "@type": "boolean", "@value": true }, "extractors": [ { "target_field": { "@type": "string", "@value": "json" }, "condition_value": { "@type": "string", "@value": "" }, "order": { "@type": "integer", "@value": 2 }, "converters": [], "configuration": { "replacement": { "@type": "string", "@value": "-" }, "regex": { "@type": "string", "@value": ".*" } }, "source_field": { "@type": "string", "@value": "json" }, "title": { "@type": "string", "@value": "Empty JSON field" }, "type": { "@type": "string", "@value": "REGEX_REPLACE" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "NONE" } }, { "target_field": { "@type": "string", "@value": "" }, "condition_value": { "@type": "string", "@value": "" }, "order": { "@type": "integer", "@value": 1 }, "converters": [], "configuration": { "flatten": { "@type": "boolean", "@value": true }, "list_separator": { "@type": "string", "@value": ", " }, "kv_separator": { "@type": "string", "@value": "=" }, "key_prefix": { "@type": "string", "@value": "" }, "key_separator": { "@type": "string", "@value": "_" }, "replace_key_whitespace": { "@type": "boolean", "@value": false }, "key_whitespace_replacement": { "@type": "string", "@value": "_" } }, "source_field": { "@type": "string", "@value": "json" }, "title": { "@type": "string", "@value": "Extract JSON fields" }, "type": { "@type": "string", "@value": "JSON" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "NONE" } }, { "target_field": { "@type": "string", "@value": "json" }, "condition_value": { "@type": "string", "@value": "" }, "order": { "@type": "integer", "@value": 0 }, "converters": [], "configuration": { "regex_value": { "@type": "string", "@value": "nginx:\\s+(.*)" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "Get JSON from syslog message" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "NONE" } }, { "target_field": { "@type": "string", "@value": "message" }, "condition_value": { "@type": "string", "@value": "" }, "order": { "@type": "integer", "@value": 3 }, "converters": [], "configuration": { "replacement": { "@type": "string", "@value": "$1" }, "regex": { "@type": "string", "@value": ".*request\": \"(.*?)\".*" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "Reduced message to path" }, "type": { "@type": "string", "@value": "REGEX_REPLACE" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "NONE" } } ] }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "input", "version": "1" }, "id": "540d1628-ceed-49d4-8960-068c5afaa993", "data": { "title": { "@type": "string", "@value": "nginx error log" }, "configuration": { "expand_structured_data": { "@type": "boolean", "@value": false }, "recv_buffer_size": { "@type": "integer", "@value": 1048576 }, "port": { "@type": "integer", "@value": 12305 }, "number_worker_threads": { "@type": "integer", "@value": 4 }, "force_rdns": { "@type": "boolean", "@value": false }, "allow_override_date": { "@type": "boolean", "@value": true }, "bind_address": { "@type": "string", "@value": "0.0.0.0" }, "store_full_message": { "@type": "boolean", "@value": false } }, "static_fields": { "nginx_error": { "@type": "string", "@value": "true" }, "from_nginx": { "@type": "string", "@value": "true" } }, "type": { "@type": "string", "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput" }, "global": { "@type": "boolean", "@value": true }, "extractors": [ { "target_field": { "@type": "string", "@value": "server" }, "condition_value": { "@type": "string", "@value": "server" }, "order": { "@type": "integer", "@value": 1 }, "converters": [], "configuration": { "regex_value": { "@type": "string", "@value": "server:\\s(.+?)(,|$)" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "server" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "STRING" } }, { "target_field": { "@type": "string", "@value": "timestamp" }, "condition_value": { "@type": "string", "@value": "" }, "order": { "@type": "integer", "@value": 0 }, "converters": [ { "type": { "@type": "string", "@value": "DATE" }, "configuration": { "date_format": { "@type": "string", "@value": "yyyy/MM/dd HH:mm:ss " } } } ], "configuration": { "regex_value": { "@type": "string", "@value": "^.*:\\s(\\d\\d\\d\\d/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d)\\s.*$" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "Timestamp" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "NONE" } }, { "target_field": { "@type": "string", "@value": "remote_addr" }, "condition_value": { "@type": "string", "@value": "client" }, "order": { "@type": "integer", "@value": 2 }, "converters": [], "configuration": { "regex_value": { "@type": "string", "@value": "client:\\s(.+?)(,|$)" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "remote_addr/client" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "STRING" } }, { "target_field": { "@type": "string", "@value": "host" }, "condition_value": { "@type": "string", "@value": "host" }, "order": { "@type": "integer", "@value": 3 }, "converters": [], "configuration": { "regex_value": { "@type": "string", "@value": "host:\\s\"(.+?)\"(,|$)" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "host" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "STRING" } }, { "target_field": { "@type": "string", "@value": "request_verb" }, "condition_value": { "@type": "string", "@value": "request" }, "order": { "@type": "integer", "@value": 5 }, "converters": [], "configuration": { "regex_value": { "@type": "string", "@value": "request:\\s\"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH).+\"(,|$)" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "request_verb" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "STRING" } }, { "target_field": { "@type": "string", "@value": "request_path" }, "condition_value": { "@type": "string", "@value": "request" }, "order": { "@type": "integer", "@value": 4 }, "converters": [], "configuration": { "regex_value": { "@type": "string", "@value": "request:\\s\"(.+?)\"(,|$)" } }, "source_field": { "@type": "string", "@value": "message" }, "title": { "@type": "string", "@value": "request_path/request" }, "type": { "@type": "string", "@value": "REGEX" }, "cursor_strategy": { "@type": "string", "@value": "COPY" }, "condition_type": { "@type": "string", "@value": "STRING" } } ] }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "40645de4-746e-4ec0-86ec-47d893ded9b6", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": false }, "title": { "@type": "string", "@value": "nginx HTTP 4XXs" }, "stream_rules": [ { "type": { "@type": "string", "@value": "GREATER" }, "field": { "@type": "string", "@value": "response_status" }, "value": { "@type": "string", "@value": "399" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } }, { "type": { "@type": "string", "@value": "SMALLER" }, "field": { "@type": "string", "@value": "response_status" }, "value": { "@type": "string", "@value": "500" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } }, { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "from_nginx" }, "value": { "@type": "string", "@value": "true" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "AND" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "All requests that were answered with a HTTP code in the 400 range by nginx" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "5a0abcb1-b5af-4239-96f6-d8fc786c54be", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": false }, "title": { "@type": "string", "@value": "nginx requests" }, "stream_rules": [ { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "nginx_access" }, "value": { "@type": "string", "@value": "true" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "AND" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "All requests that were logged into the nginx access_log" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": false }, "title": { "@type": "string", "@value": "nginx" }, "stream_rules": [ { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "from_nginx" }, "value": { "@type": "string", "@value": "true" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "AND" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "all message to nginx_access and nginx_error" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "6bfbdd7e-638a-4ff5-a3e0-327a21bad701", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": false }, "title": { "@type": "string", "@value": "nginx HTTP 404s" }, "stream_rules": [ { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "response_status" }, "value": { "@type": "string", "@value": "404" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } }, { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "from_nginx" }, "value": { "@type": "string", "@value": "true" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "AND" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "All requests that were answered with a HTTP 404 by nginx" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "be3273d1-ff76-4ab5-8471-f7f2c3a8593e", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": false }, "title": { "@type": "string", "@value": "nginx HTTP 5XXXs" }, "stream_rules": [ { "type": { "@type": "string", "@value": "GREATER" }, "field": { "@type": "string", "@value": "response_status" }, "value": { "@type": "string", "@value": "499" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } }, { "type": { "@type": "string", "@value": "SMALLER" }, "field": { "@type": "string", "@value": "response_status" }, "value": { "@type": "string", "@value": "600" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } }, { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "from_nginx" }, "value": { "@type": "string", "@value": "true" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "AND" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "All requests that were answered with a HTTP code in the 500 range by nginx" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] }, { "v": "1", "type": { "name": "stream", "version": "1" }, "id": "1a3bec0f-34e6-41dc-9d38-fb0997fef588", "data": { "alarm_callbacks": [], "outputs": [], "remove_matches": { "@type": "boolean", "@value": false }, "title": { "@type": "string", "@value": "nginx errors" }, "stream_rules": [ { "type": { "@type": "string", "@value": "EXACT" }, "field": { "@type": "string", "@value": "nginx_error" }, "value": { "@type": "string", "@value": "true" }, "inverted": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "" } } ], "alert_conditions": [], "matching_type": { "@type": "string", "@value": "AND" }, "disabled": { "@type": "boolean", "@value": false }, "description": { "@type": "string", "@value": "All requests that were logged into the nginx error_log" }, "default_stream": { "@type": "boolean", "@value": false } }, "constraints": [ { "type": "server-version", "version": ">=3.0.0+db6cf59" } ] } ] }