{"id":"f65d3d7a-dea4-447d-a2fa-c922e77d05d8","rev":1,"v":"1","name":"nginx-docker","summary":"This content pack supports nginx running in docker, sending JSON formatted log messages over GELF.","description":"This content pack supports nginx running in docker, sending JSON formatted log messages over GELF, allowing for arbitrary addition of fields without having to add regex extractors, as well as faster performance on the graylog side as it has reduced numbers of regexes running against the input compared with the original graylog version.\n\nIt then blanks the \"json\" field used as an intermediate step, and reduces the message field to just show the request path, reducing the storage requirements.","vendor":"Lewis George <lewis.george@innoscale.net>","url":"","created_at":"2019-04-13T07:35:44.545Z","server_version":"3.0.1+de74b68","parameters":[],"entities":[{"id":"ac4a174d-a70b-4a0a-81fa-483307ec3925","type":{"name":"dashboard","version":"1"},"v":"1","data":{"title":{"@type":"string","@value":"nginx overview"},"description":{"@type":"string","@value":"Overview of requests handled by nginx"},"widgets":[{"id":{"@type":"string","@value":"a5877c9b-557a-4224-8d8f-acbb59fc2795"},"description":{"@type":"string","@value":"Response codes last 24h"},"type":{"@type":"string","@value":"QUICKVALUES"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"query":{"@type":"string","@value":"*"},"show_pie_chart":{"@type":"boolean","@value":true},"sort_order":{"@type":"string","@value":"desc"},"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"stacked_fields":{"@type":"string","@value":""},"data_table_limit":{"@type":"integer","@value":50},"field":{"@type":"string","@value":"response_status"},"stream_id":{"@type":"string","@value":"c01c0108-76e1-4ffd-8989-e17eea15cca7"},"show_data_table":{"@type":"boolean","@value":true},"limit":{"@type":"integer","@value":5}},"position":{"width":{"@type":"integer","@value":2},"height":{"@type":"integer","@value":6},"row":{"@type":"integer","@value":7},"col":{"@type":"integer","@value":3}}},{"id":{"@type":"string","@value":"da08c8d9-e790-476d-a72d-bd519b730415"},"description":{"@type":"string","@value":"HTTP versions last 24h"},"type":{"@type":"string","@value":"QUICKVALUES"},"cache_time":{"@type":"integer","@value":300},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"interval":{"@type":"string","@value":"minute"},"query":{"@type":"string","@value":"*"},"show_pie_chart":{"@type":"boolean","@value":true},"sort_order":{"@type":"string","@value":"desc"},"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"stacked_fields":{"@type":"string","@value":""},"data_table_limit":{"@type":"integer","@value":50},"field":{"@type":"string","@value":"http_version"},"stream_id":{"@type":"string","@value":"c01c0108-76e1-4ffd-8989-e17eea15cca7"},"show_data_table":{"@type":"boolean","@value":true},"limit":{"@type":"integer","@value":5}},"position":{"width":{"@type":"integer","@value":2},"height":{"@type":"integer","@value":6},"row":{"@type":"integer","@value":7},"col":{"@type":"integer","@value":1}}},{"id":{"@type":"string","@value":"cd6b3928-b803-48af-ab6e-6ac4ca8f8a19"},"description":{"@type":"string","@value":"HTTP 5XXs last 24h"},"type":{"@type":"string","@value":"STREAM_SEARCH_RESULT_COUNT"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"lower_is_better":{"@type":"boolean","@value":true},"stream_id":{"@type":"string","@value":"6d548373-336d-4b82-8966-896b5bd878e6"},"trend":{"@type":"boolean","@value":true},"query":{"@type":"string","@value":"*"}},"position":{"width":{"@type":"integer","@value":2},"height":{"@type":"integer","@value":2},"row":{"@type":"integer","@value":5},"col":{"@type":"integer","@value":1}}},{"id":{"@type":"string","@value":"497f5446-aefc-4725-9e26-e120e6afbd9c"},"description":{"@type":"string","@value":"Map of requests"},"type":{"@type":"string","@value":"org.graylog.plugins.map.widget.strategy.MapWidgetStrategy"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":300}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":300}},"field":{"@type":"string","@value":"remote_addr_geolocation"},"query":{"@type":"string","@value":"gl2_source_input:5cb1142cf83a45000e288147"}},"position":{"width":{"@type":"integer","@value":3},"height":{"@type":"integer","@value":5},"row":{"@type":"integer","@value":1},"col":{"@type":"integer","@value":7}}},{"id":{"@type":"string","@value":"ea5fe156-25bf-4b6f-9231-1b458444fe82"},"description":{"@type":"string","@value":"HTTP 4XXs last 24h"},"type":{"@type":"string","@value":"SEARCH_RESULT_CHART"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"interval":{"@type":"string","@value":"minute"},"stream_id":{"@type":"string","@value":"ee7b2194-7f41-44ee-a24e-273596065174"},"query":{"@type":"string","@value":""}},"position":{"width":{"@type":"integer","@value":4},"height":{"@type":"integer","@value":2},"row":{"@type":"integer","@value":3},"col":{"@type":"integer","@value":3}}},{"id":{"@type":"string","@value":"d44376ae-f6cf-47d9-ab7a-a9777e445fb9"},"description":{"@type":"string","@value":"Requests last 24h"},"type":{"@type":"string","@value":"SEARCH_RESULT_CHART"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"interval":{"@type":"string","@value":"minute"},"stream_id":{"@type":"string","@value":"c01c0108-76e1-4ffd-8989-e17eea15cca7"},"query":{"@type":"string","@value":""}},"position":{"width":{"@type":"integer","@value":4},"height":{"@type":"integer","@value":2},"row":{"@type":"integer","@value":1},"col":{"@type":"integer","@value":3}}},{"id":{"@type":"string","@value":"29ba366a-9339-459b-a2cd-2fbf8ddfdd17"},"description":{"@type":"string","@value":"Requests last 24h"},"type":{"@type":"string","@value":"STREAM_SEARCH_RESULT_COUNT"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"lower_is_better":{"@type":"boolean","@value":false},"stream_id":{"@type":"string","@value":"c01c0108-76e1-4ffd-8989-e17eea15cca7"},"trend":{"@type":"boolean","@value":true},"query":{"@type":"string","@value":"*"}},"position":{"width":{"@type":"integer","@value":2},"height":{"@type":"integer","@value":2},"row":{"@type":"integer","@value":1},"col":{"@type":"integer","@value":1}}},{"id":{"@type":"string","@value":"dc56200d-9539-4435-84e3-1270f3c7d0c3"},"description":{"@type":"string","@value":"Response codes last hour"},"type":{"@type":"string","@value":"QUICKVALUES"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":3600}},"configuration":{"query":{"@type":"string","@value":"*"},"show_pie_chart":{"@type":"boolean","@value":true},"sort_order":{"@type":"string","@value":"desc"},"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":3600}},"stacked_fields":{"@type":"string","@value":""},"data_table_limit":{"@type":"integer","@value":50},"field":{"@type":"string","@value":"response_status"},"stream_id":{"@type":"string","@value":"c01c0108-76e1-4ffd-8989-e17eea15cca7"},"show_data_table":{"@type":"boolean","@value":true},"limit":{"@type":"integer","@value":5}},"position":{"width":{"@type":"integer","@value":2},"height":{"@type":"integer","@value":6},"row":{"@type":"integer","@value":7},"col":{"@type":"integer","@value":5}}},{"id":{"@type":"string","@value":"4741b70d-06ce-44f9-ad12-07ca3ae8a0df"},"description":{"@type":"string","@value":"HTTP 4XXs last 24h"},"type":{"@type":"string","@value":"STREAM_SEARCH_RESULT_COUNT"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":86400}},"lower_is_better":{"@type":"boolean","@value":true},"stream_id":{"@type":"string","@value":"ee7b2194-7f41-44ee-a24e-273596065174"},"trend":{"@type":"boolean","@value":true},"query":{"@type":"string","@value":"*"}},"position":{"width":{"@type":"integer","@value":2},"height":{"@type":"integer","@value":2},"row":{"@type":"integer","@value":3},"col":{"@type":"integer","@value":1}}},{"id":{"@type":"string","@value":"b92c427b-dc56-4e79-bcbf-9b06a798c32c"},"description":{"@type":"string","@value":"HTTP 5XXs last 24h"},"type":{"@type":"string","@value":"SEARCH_RESULT_CHART"},"cache_time":{"@type":"integer","@value":10},"time_range":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":300}},"configuration":{"timerange":{"type":{"@type":"string","@value":"relative"},"range":{"@type":"integer","@value":300}},"interval":{"@type":"string","@value":"minute"},"stream_id":{"@type":"string","@value":"6d548373-336d-4b82-8966-896b5bd878e6"},"query":{"@type":"string","@value":""}},"position":{"width":{"@type":"integer","@value":4},"height":{"@type":"integer","@value":2},"row":{"@type":"integer","@value":5},"col":{"@type":"integer","@value":3}}}]},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"5f7be7c2-dff7-452b-9fff-6b77af86aa8e","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"IPORHOSTORUNDERSCORE","pattern":"(?:%{IPORHOST}|_)"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"1391bec5-cc0f-4378-917b-2c130e8358ae","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"IPORHOST","pattern":"(?:%{IP}|%{HOSTNAME})"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"b2729a5a-c8d7-4e47-b231-dec8e5735439","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"NUMBER","pattern":"(?:%{BASE10NUM})"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"af43e5a2-7035-4f34-81e7-f7fe0aeec0ed","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"GREEDYDATA","pattern":".*"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"688b6ac8-4bf7-4f36-a279-b0afa16dace9","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"QS","pattern":"%{QUOTEDSTRING}"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"19d8e6b1-fb6c-49e9-8e55-44d976d8a543","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"YEAR","pattern":"(?>\\d\\d){1,2}"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"f7f493c7-d167-4149-a6e2-f22674373a78","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"MONTHNUM","pattern":"(?:0?[1-9]|1[0-2])"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"2eaa221e-190d-4e69-8cca-06dc03df86a8","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"POSINT","pattern":"\\b(?:[1-9][0-9]*)\\b"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"65f5da14-39ee-4aa2-a207-3808dd385dee","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"TIME","pattern":"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"5b56d1fa-b8ff-45b9-953b-681fd55118b1","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"LOGLEVEL","pattern":"([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"fb2d6af7-066f-4be6-8d62-c48af5870bf6","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"URI","pattern":"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"471d3f8d-863e-48bd-ac98-573fb9b137e2","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"MONTHDAY","pattern":"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"e93619fc-52df-4d7a-af26-f3178d01e306","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"HOSTNAME","pattern":"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"ff1be91b-3789-42ba-84aa-7e85321834c0","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"IP","pattern":"(?:%{IPV6}|%{IPV4})"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"732dcbc7-ff97-46a3-ab2a-c7f099d9d5ff","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"BASE10NUM","pattern":"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"9d7809cc-5fca-4fc9-b6b2-1cb65268ba5e","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"QUOTEDSTRING","pattern":"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"f4ec274a-7f21-4dbd-81eb-746aeb536739","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"HOUR","pattern":"(?:2[0123]|[01]?[0-9])"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"11c062a2-58a0-484a-90b9-f32d61a124ea","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"MINUTE","pattern":"(?:[0-5][0-9])"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"8807716c-a9b8-4a7e-8894-bfed32a1938e","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"SECOND","pattern":"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"73af654b-0cc9-4eb2-a5bb-b22aa0a8d2fb","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"URIHOST","pattern":"%{IPORHOST}(?::%{POSINT:port})?"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"fc4209bc-69d0-414b-b130-8b3b0bc10892","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"URIPATHPARAM","pattern":"%{URIPATH}(?:%{URIPARAM})?"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"934a4ddd-117b-4cb8-a8f3-5344770a2800","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"USER","pattern":"%{USERNAME}"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"cd6b43ed-dc67-42d4-bf9f-7695f849236c","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"URIPROTO","pattern":"[A-Za-z]+(\\+[A-Za-z+]+)?"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"dffa5369-2696-48fe-875f-75e27c83be18","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"IPV6","pattern":"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"500890d1-93ed-45e5-b8ac-bf5b23f94b83","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"IPV4","pattern":"(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"ea6b35cc-52a2-4c51-b985-88366c3b5536","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"URIPATH","pattern":"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"f157bfba-7407-4451-8a98-41612b53262e","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"URIPARAM","pattern":"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"5ffc0693-2013-46d0-b332-824fe16d382c","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"USERNAME","pattern":"[a-zA-Z0-9._-]+"},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"52aee066-5229-4a6b-8bca-a0978af4e247","type":{"name":"input","version":"1"},"v":"1","data":{"title":{"@type":"string","@value":"nginx logs"},"configuration":{"recv_buffer_size":{"@type":"integer","@value":1048576},"port":{"@type":"integer","@value":12401},"number_worker_threads":{"@type":"integer","@value":24},"bind_address":{"@type":"string","@value":"0.0.0.0"},"decompress_size_limit":{"@type":"integer","@value":8388608}},"static_fields":{"from_nginx":{"@type":"string","@value":"true"}},"type":{"@type":"string","@value":"org.graylog2.inputs.gelf.udp.GELFUDPInput"},"global":{"@type":"boolean","@value":true},"extractors":[{"target_field":{"@type":"string","@value":""},"condition_value":{"@type":"string","@value":"^\\{"},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"flatten":{"@type":"boolean","@value":true},"list_separator":{"@type":"string","@value":", "},"kv_separator":{"@type":"string","@value":"="},"key_prefix":{"@type":"string","@value":""},"key_separator":{"@type":"string","@value":"_"},"replace_key_whitespace":{"@type":"boolean","@value":false},"key_whitespace_replacement":{"@type":"string","@value":"_"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"Extract JSON fields from gelf message"},"type":{"@type":"string","@value":"JSON"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"REGEX"}},{"target_field":{"@type":"string","@value":"message"},"condition_value":{"@type":"string","@value":"^\\{"},"order":{"@type":"integer","@value":1},"converters":[],"configuration":{"regex":{"@type":"string","@value":".*request\\\": \\\"(.*?)\\\".*"},"replacement":{"@type":"string","@value":"$1"},"replace_all":{"@type":"boolean","@value":false}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"Reduce message to path"},"type":{"@type":"string","@value":"REGEX_REPLACE"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"REGEX"}},{"target_field":{"@type":"string","@value":""},"condition_value":{"@type":"string","@value":"^(\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2}) \\[(\\w+)\\] (\\d+).(\\d+): (.*)$"},"order":{"@type":"integer","@value":3},"converters":[],"configuration":{"grok_pattern":{"@type":"string","@value":"^(?<timestamp>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) \\[%{LOGLEVEL:severity}\\] %{POSINT:pid}#%{NUMBER}: %{GREEDYDATA:errormessage}(?:, client: %{IPORHOST:client})(?:, server: %{IPORHOSTORUNDERSCORE:server})(?:, request: %{QS:request})?(?:, upstream: \\\"%{URI:upstream}\\\")?(?:, host: %{QS:host})?(?:, referrer: \\\"%{URI:referrer}\\\")?$"},"named_captures_only":{"@type":"boolean","@value":true}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"[Error log] extract fields"},"type":{"@type":"string","@value":"GROK"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"REGEX"}},{"target_field":{"@type":"string","@value":"message"},"condition_value":{"@type":"string","@value":"^(\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2}) \\[(\\w+)\\] (\\d+).(\\d+): (.*)$"},"order":{"@type":"integer","@value":4},"converters":[],"configuration":{"replacement":{"@type":"string","@value":"$1"},"regex":{"@type":"string","@value":"^\\d{4}\\/\\d{2}\\/\\d{2} \\d{2}:\\d{2}:\\d{2} \\[\\w+\\] \\d+.\\d+: (.*?), client:.*$"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"[Error log] Reduce error log to message only"},"type":{"@type":"string","@value":"REGEX_REPLACE"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"REGEX"}},{"target_field":{"@type":"string","@value":"remote_addr_geolocation"},"condition_value":{"@type":"string","@value":"^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$"},"order":{"@type":"integer","@value":2},"converters":[],"configuration":{"lookup_table_name":{"@type":"string","@value":"geo-ip-city-maxmind-lookup"}},"source_field":{"@type":"string","@value":"remote_addr"},"title":{"@type":"string","@value":"Lookup Remote Address Geolocation"},"type":{"@type":"string","@value":"LOOKUP_TABLE"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"REGEX"}}]},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"4bc475db-6f2f-430c-afea-e72167da98c6","type":{"name":"lookup_adapter","version":"1"},"v":"1","data":{"name":{"@type":"string","@value":"geo-ip-city-maxmind-adapater"},"title":{"@type":"string","@value":"Geo IP - City - MaxMind adapater"},"description":{"@type":"string","@value":""},"configuration":{"type":{"@type":"string","@value":"maxmind_geoip"},"path":{"@type":"string","@value":"/usr/local/etc/graylog/GeoLite2-City.mmdb"},"database_type":{"@type":"string","@value":"MAXMIND_CITY"},"check_interval":{"@type":"long","@value":1},"check_interval_unit":{"@type":"string","@value":"DAYS"}}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"912b98f2-d3dd-4d63-b131-18923a6d35c9","type":{"name":"lookup_cache","version":"1"},"v":"1","data":{"name":{"@type":"string","@value":"geo-ip-city-maxmind-cache"},"title":{"@type":"string","@value":"Geo IP - City - MaxMind cache"},"description":{"@type":"string","@value":""},"configuration":{"type":{"@type":"string","@value":"guava_cache"},"max_size":{"@type":"integer","@value":10000},"expire_after_access":{"@type":"long","@value":0},"expire_after_access_unit":{"@type":"string","@value":"MINUTES"},"expire_after_write":{"@type":"long","@value":6},"expire_after_write_unit":{"@type":"string","@value":"HOURS"}}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"185911de-1f1c-49b8-a5f9-fa61e8e70b46","type":{"name":"lookup_table","version":"1"},"v":"1","data":{"default_single_value_type":{"@type":"string","@value":"NULL"},"cache_name":{"@type":"string","@value":"912b98f2-d3dd-4d63-b131-18923a6d35c9"},"name":{"@type":"string","@value":"geo-ip-city-maxmind-lookup"},"default_multi_value_type":{"@type":"string","@value":"NULL"},"default_multi_value":{"@type":"string","@value":""},"data_adapter_name":{"@type":"string","@value":"4bc475db-6f2f-430c-afea-e72167da98c6"},"title":{"@type":"string","@value":"Geo IP - City - MaxMind Lookup"},"default_single_value":{"@type":"string","@value":"0"},"description":{"@type":"string","@value":""}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"8827294c-00e2-4ca3-b4ef-ec68968c68e9","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"nginx HTTP 404s"},"stream_rules":[{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"from_nginx"},"value":{"@type":"string","@value":"true"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"response_status"},"value":{"@type":"string","@value":"404"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"All requests that were answered with a HTTP 404 by nginx"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"6d548373-336d-4b82-8966-896b5bd878e6","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"nginx HTTP 5XXs"},"stream_rules":[{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"from_nginx"},"value":{"@type":"string","@value":"true"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"GREATER"},"field":{"@type":"string","@value":"response_status"},"value":{"@type":"string","@value":"499"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"All requests that were answered with a HTTP code in the 500 range by nginx"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"2ccdf844-8921-42e0-8181-92e1aace82cf","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"nginx errors"},"stream_rules":[{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"from_nginx"},"value":{"@type":"string","@value":"true"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"PRESENCE"},"field":{"@type":"string","@value":"nginx_access"},"value":{"@type":"string","@value":"true"},"inverted":{"@type":"boolean","@value":true},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"PRESENCE"},"field":{"@type":"string","@value":"errormessage"},"value":{"@type":"string","@value":""},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"All requests that were logged into the nginx error_log"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"c01c0108-76e1-4ffd-8989-e17eea15cca7","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"nginx requests"},"stream_rules":[{"type":{"@type":"string","@value":"PRESENCE"},"field":{"@type":"string","@value":"nginx_access"},"value":{"@type":"string","@value":""},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"All requests that were logged into the nginx access_log"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"ee7b2194-7f41-44ee-a24e-273596065174","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"nginx HTTP 4XXs"},"stream_rules":[{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"from_nginx"},"value":{"@type":"string","@value":"true"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"GREATER"},"field":{"@type":"string","@value":"response_status"},"value":{"@type":"string","@value":"399"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"SMALLER"},"field":{"@type":"string","@value":"response_status"},"value":{"@type":"string","@value":"500"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"All requests that were answered with a HTTP code in the 400 range by nginx"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]},{"id":"0fa4dd7e-b138-4f24-a0e7-960c26e5746d","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"nginx"},"stream_rules":[{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"from_nginx"},"value":{"@type":"string","@value":"true"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"All requests that were logged into the nginx access_log or nginx_error_log"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=3.0.1+de74b68"}]}]}