Apache & Nginx Structure
InsightOps will automatically identify and index fields within your Apache and Nginx log events. Keys are automatically highlighted and clickable. Clicking on a field will populate the search bar to allow for quick searching across your data.
If we take a normal Apache log example in this format:
192.0.2.1 - Ultan [07/Mar/2004:16:43:54 -0800] "GET /unencrypted_password_list HTTP/1.1" 404 9001 "http://passwords.hackz0r" "Mozilla/4.08 [en] (Win95)"
We know that the format of Apache access logs is:
*addr* - *user* *timestamp* "*method* *path* *version*" *status* *bytes* *referrer* *agent*
And you’ll be able to parse those implied keys immediately for groupby queries and calculations. So from the example above:
Using this data makes log searching easier. For example, you can now carry out queries such as:
You can see when a referrer comes from a certain site with:
You can see what URLs are hit most often with:
groupby(path) calculate(count) sort(desc)
You can see the average bytes sent with
You can see which addresses you get hit from the most often with
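To sanity-check what a grouping on path or addr, or an average over bytes, should return, the same implied keys can be extracted locally. The Python below is an added example, not InsightOps code: the regex and function names are assumptions, and every sample line except the first (taken from this page) is constructed.

```python
import re
from collections import Counter

# Keys are the ones named in the format line above; the regex is an assumption.
# Quoted fields accept backslash-escaped quotes, because referrer and agent are
# client-controlled and a naive [^"]* would split them in the wrong place.
QUOTED = r'"(?P<%s>(?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(?P<addr>\S+) \S+ (?P<user>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<version>[^" ]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    + QUOTED % "referrer" + " " + QUOTED % "agent"
)

def parse_line(line):
    """Return a dict of the implied keys, or None if the line does not fit."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    # Apache logs "-" when no body bytes were sent; count that as 0.
    event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
    return event

def parse_all(lines):
    """Split input into parsed events and raw lines that were rejected."""
    events, rejected = [], []
    for line in lines:
        event = parse_line(line)
        (events if event else rejected).append(event or line)
    return events, rejected

def groupby_count(events, key):
    """Count events per value of key, most frequent first."""
    return Counter(e[key] for e in events).most_common()

def average(events, key):
    return sum(e[key] for e in events) / len(events) if events else 0.0

SAMPLE = [
    '192.0.2.1 - Ultan [07/Mar/2004:16:43:54 -0800] "GET /unencrypted_password_list HTTP/1.1" 404 9001 "http://passwords.hackz0r" "Mozilla/4.08 [en] (Win95)"',
    '198.51.100.7 - - [07/Mar/2004:16:44:10 -0800] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.0"',
    '198.51.100.7 - - [07/Mar/2004:16:44:12 -0800] "GET /index.html HTTP/1.1" 304 - "-" "agent with \\"quotes\\""',
    '203.0.113.9 - - [07/Mar/2004:16:45:00 -0800] "-" 408 0 "-" "-"',  # no request line
]
EVENTS, REJECTED = parse_all(SAMPLE)
```

Lines that land in `REJECTED` are worth reviewing rather than discarding, since a malformed request line never gets a path or method key and so never shows up in a grouping.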