{
  "v": "1",
  "id": "d7dc82ff-529b-488a-b1de-b12b32e756bb",
  "rev": 3,
  "name": "nginx_json_graylog3",
  "summary": "Graylog 3.0+ compatible version of nginx_json content pack",
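  "description": "Installs two global Syslog UDP inputs bound to 0.0.0.0 (nginx access log on port 12304, nginx error log on port 12305), six streams and the NGINX Overview dashboard. Syslog over UDP is unauthenticated, so restrict both ports to the nginx hosts with a firewall, or narrow bind_address after installation.",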
  "vendor": "Originally created by petestorey26 and updated by paulbarfuss for graylog3.0+",
  "url": "https://github.com/paulbarfuss/graylog3-content-pack-nginx-json",
  "parameters": [],
  "entities": [
    {
      "v": "1",
      "type": {
        "name": "dashboard",
        "version": "1"
      },
      "id": "b7c3a54b-3ed4-4b73-9452-2731a18846c8",
      "data": {
        "title": {
          "@type": "string",
          "@value": "NGINX Overview"
        },
        "description": {
          "@type": "string",
          "@value": "Overview of requests handled by NGINX"
        },
        "widgets": [
          {
            "id": {
              "@type": "string",
              "@value": "ab3138d7-9790-4c71-a804-f59ff5692e0f"
            },
            "description": {
              "@type": "string",
              "@value": "Requests last 24h"
            },
            "type": {
              "@type": "string",
              "@value": "STREAM_SEARCH_RESULT_COUNT"
            },
            "cache_time": {
              "@type": "integer",
              "@value": 10
            },
            "time_range": {
              "type": {
                "@type": "string",
                "@value": "relative"
              },
              "range": {
                "@type": "integer",
                "@value": 300
              }
            },
            "configuration": {
              "timerange": {
                "type": {
                  "@type": "string",
                  "@value": "relative"
                },
                "range": {
                  "@type": "integer",
                  "@value": 300
                }
              },
              "lower_is_better": {
                "@type": "boolean",
                "@value": false
              },
              "stream_id": {
                "@type": "string",
                "@value": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407"
              },
              "trend": {
                "@type": "boolean",
                "@value": false
              },
              "query": {
                "@type": "string",
                "@value": "*"
              }
            },
            "position": null
          }
        ]
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "input",
        "version": "1"
      },
      "id": "fa2ca431-c30d-455d-98b0-9ee703760760",
      "data": {
        "title": {
          "@type": "string",
          "@value": "nginx access log"
        },
        "configuration": {
          "expand_structured_data": {
            "@type": "boolean",
            "@value": false
          },
          "recv_buffer_size": {
            "@type": "integer",
            "@value": 1048576
          },
          "port": {
            "@type": "integer",
            "@value": 12304
          },
          "number_worker_threads": {
            "@type": "integer",
            "@value": 4
          },
          "force_rdns": {
            "@type": "boolean",
            "@value": false
          },
          "allow_override_date": {
            "@type": "boolean",
            "@value": true
          },
          "bind_address": {
            "@type": "string",
            "@value": "0.0.0.0"
          },
          "store_full_message": {
            "@type": "boolean",
            "@value": false
          }
        },
        "static_fields": {
          "from_nginx": {
            "@type": "string",
            "@value": "true"
          },
          "nginx_access": {
            "@type": "string",
            "@value": "true"
          }
        },
        "type": {
          "@type": "string",
          "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
        },
        "global": {
          "@type": "boolean",
          "@value": true
        },
        "extractors": [
          {
            "target_field": {
              "@type": "string",
              "@value": "json"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 2
            },
            "converters": [],
            "configuration": {
              "replacement": {
                "@type": "string",
                "@value": "-"
              },
              "regex": {
                "@type": "string",
                "@value": ".*"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "json"
            },
            "title": {
              "@type": "string",
              "@value": "Empty JSON field"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX_REPLACE"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": ""
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 1
            },
            "converters": [],
            "configuration": {
              "flatten": {
                "@type": "boolean",
                "@value": true
              },
              "list_separator": {
                "@type": "string",
                "@value": ", "
              },
              "kv_separator": {
                "@type": "string",
                "@value": "="
              },
              "key_prefix": {
                "@type": "string",
                "@value": ""
              },
              "key_separator": {
                "@type": "string",
                "@value": "_"
              },
              "replace_key_whitespace": {
                "@type": "boolean",
                "@value": false
              },
              "key_whitespace_replacement": {
                "@type": "string",
                "@value": "_"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "json"
            },
            "title": {
              "@type": "string",
              "@value": "Extract JSON fields"
            },
            "type": {
              "@type": "string",
              "@value": "JSON"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "json"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 0
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "nginx:\\s+(.*)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "Get JSON from syslog message"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "message"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 3
            },
            "converters": [],
            "configuration": {
              "replacement": {
                "@type": "string",
                "@value": "$1"
              },
              "regex": {
                "@type": "string",
                "@value": ".*request\": \"(.*?)\".*"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "Reduced message to path"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX_REPLACE"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          }
        ]
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "input",
        "version": "1"
      },
      "id": "540d1628-ceed-49d4-8960-068c5afaa993",
      "data": {
        "title": {
          "@type": "string",
          "@value": "nginx error log"
        },
        "configuration": {
          "expand_structured_data": {
            "@type": "boolean",
            "@value": false
          },
          "recv_buffer_size": {
            "@type": "integer",
            "@value": 1048576
          },
          "port": {
            "@type": "integer",
            "@value": 12305
          },
          "number_worker_threads": {
            "@type": "integer",
            "@value": 4
          },
          "force_rdns": {
            "@type": "boolean",
            "@value": false
          },
          "allow_override_date": {
            "@type": "boolean",
            "@value": true
          },
          "bind_address": {
            "@type": "string",
            "@value": "0.0.0.0"
          },
          "store_full_message": {
            "@type": "boolean",
            "@value": false
          }
        },
        "static_fields": {
          "nginx_error": {
            "@type": "string",
            "@value": "true"
          },
          "from_nginx": {
            "@type": "string",
            "@value": "true"
          }
        },
        "type": {
          "@type": "string",
          "@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
        },
        "global": {
          "@type": "boolean",
          "@value": true
        },
        "extractors": [
          {
            "target_field": {
              "@type": "string",
              "@value": "server"
            },
            "condition_value": {
              "@type": "string",
              "@value": "server"
            },
            "order": {
              "@type": "integer",
              "@value": 1
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "server:\\s(.+?)(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "server"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "timestamp"
            },
            "condition_value": {
              "@type": "string",
              "@value": ""
            },
            "order": {
              "@type": "integer",
              "@value": 0
            },
            "converters": [
              {
                "type": {
                  "@type": "string",
                  "@value": "DATE"
                },
                "configuration": {
                  "date_format": {
                    "@type": "string",
                    "@value": "yyyy/MM/dd HH:mm:ss "
                  }
                }
              }
            ],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "^.*:\\s(\\d\\d\\d\\d/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d)\\s.*$"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "Timestamp"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "NONE"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "remote_addr"
            },
            "condition_value": {
              "@type": "string",
              "@value": "client"
            },
            "order": {
              "@type": "integer",
              "@value": 2
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "client:\\s(.+?)(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "remote_addr/client"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "host"
            },
            "condition_value": {
              "@type": "string",
              "@value": "host"
            },
            "order": {
              "@type": "integer",
              "@value": 3
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "host:\\s\"(.+?)\"(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "host"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "request_verb"
            },
            "condition_value": {
              "@type": "string",
              "@value": "request"
            },
            "order": {
              "@type": "integer",
              "@value": 5
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "request:\\s\"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH).+\"(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "request_verb"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          },
          {
            "target_field": {
              "@type": "string",
              "@value": "request_path"
            },
            "condition_value": {
              "@type": "string",
              "@value": "request"
            },
            "order": {
              "@type": "integer",
              "@value": 4
            },
            "converters": [],
            "configuration": {
              "regex_value": {
                "@type": "string",
                "@value": "request:\\s\"(.+?)\"(,|$)"
              }
            },
            "source_field": {
              "@type": "string",
              "@value": "message"
            },
            "title": {
              "@type": "string",
              "@value": "request_path/request"
            },
            "type": {
              "@type": "string",
              "@value": "REGEX"
            },
            "cursor_strategy": {
              "@type": "string",
              "@value": "COPY"
            },
            "condition_type": {
              "@type": "string",
              "@value": "STRING"
            }
          }
        ]
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "40645de4-746e-4ec0-86ec-47d893ded9b6",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx HTTP 4XXs"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "GREATER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "399"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "SMALLER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "500"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were answered with an HTTP code in the 400 range by nginx"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "5a0abcb1-b5af-4239-96f6-d8fc786c54be",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx requests"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "nginx_access"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were logged into the nginx access_log"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All messages sent to nginx_access and nginx_error"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "6bfbdd7e-638a-4ff5-a3e0-327a21bad701",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx HTTP 404s"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "404"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were answered with an HTTP 404 by nginx"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "be3273d1-ff76-4ab5-8471-f7f2c3a8593e",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx HTTP 5XXs"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "GREATER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "499"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "SMALLER"
            },
            "field": {
              "@type": "string",
              "@value": "response_status"
            },
            "value": {
              "@type": "string",
              "@value": "600"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          },
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "from_nginx"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were answered with an HTTP code in the 500 range by nginx"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    },
    {
      "v": "1",
      "type": {
        "name": "stream",
        "version": "1"
      },
      "id": "1a3bec0f-34e6-41dc-9d38-fb0997fef588",
      "data": {
        "alarm_callbacks": [],
        "outputs": [],
        "remove_matches": {
          "@type": "boolean",
          "@value": false
        },
        "title": {
          "@type": "string",
          "@value": "nginx errors"
        },
        "stream_rules": [
          {
            "type": {
              "@type": "string",
              "@value": "EXACT"
            },
            "field": {
              "@type": "string",
              "@value": "nginx_error"
            },
            "value": {
              "@type": "string",
              "@value": "true"
            },
            "inverted": {
              "@type": "boolean",
              "@value": false
            },
            "description": {
              "@type": "string",
              "@value": ""
            }
          }
        ],
        "alert_conditions": [],
        "matching_type": {
          "@type": "string",
          "@value": "AND"
        },
        "disabled": {
          "@type": "boolean",
          "@value": false
        },
        "description": {
          "@type": "string",
          "@value": "All requests that were logged into the nginx error_log"
        },
        "default_stream": {
          "@type": "boolean",
          "@value": false
        }
      },
      "constraints": [
        {
          "type": "server-version",
          "version": ">=3.0.0+db6cf59"
        }
      ]
    }
  ]
}