Nginx
Alexander, 2016-12-26 16:24:53

How to filter Nginx logs by regular expression in ELK stack?

Hello. I set up ELK the other day in order to monitor certain parameters from the nginx log. I configured Grok, the data arrives in the right format, and Filebeat sends the data to Logstash. But I can’t figure out in which part of the stack I need to put a regular expression that will keep only the log entries with the required GET parameter, i.e. those that start with a string like /ABC, and exclude lines that might contain data like /download/ABC. The regular expression itself is very simple, I understand that, but in Kibana I could not get it to search for the data.


2 answer(s)
Alexander, 2017-01-12
@ushliy

Update the entire ELK stack to version 5.1 and you will be happy, it works

Max, 2016-12-26
@MaxDukov

If it suits you to write only a part of the logs rather than all of them, you can filter in Logstash.
Although if the option "for a GET line containing XXX, add a marker by which it is easy to filter later in Kibana" suits you, then again, this is done in Logstash. But the first option (write only what you need) is the best. We store less, we search faster.
Also, do not forget about the correct data types and non-parsing fields, which you will search only by exact match or will not search at all.
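
The two options described in this answer, written as Logstash filter conditionals. This is an added example, not configuration posted by the participants. It assumes the existing grok stage stores the request path in a field named `request`; the tag name `abc_request` is hypothetical.

```logstash
# Use ONE of the two variants below, placed after the existing grok filter.
# Assumption: grok has already put the request path into [request];
# adjust the field name to whatever your grok pattern produces.

# Variant A: store only the matching requests, drop everything else.
filter {
  # ^ anchors the match to the start of the path, so /ABC and /ABC?x=1
  # are kept while /download/ABC is dropped.
  if [request] !~ /^\/ABC/ {
    drop { }
  }
}

# Variant B: store everything, but mark the matching requests.
filter {
  if [request] =~ /^\/ABC/ {
    # Hypothetical tag name; it ends up in the event's "tags" array.
    mutate { add_tag => ["abc_request"] }
  }
}
```

With variant B the matching events can be selected in Kibana with the query `tags:abc_request`. The prefix match also accepts paths such as /ABCD; tighten the pattern to `^\/ABC(\/|\?|$)` if only /ABC itself and its sub-paths should match.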
