Parse as Log directive

The PARSE-AS-LOG directive parses access log files, such as those written by Apache HTTPD and nginx servers.

Syntax

parse-as-log :column 'format'

Usage Notes

The PARSE-AS-LOG directive provides a generic log parser that you construct by specifying the format of the log line or the format in which the file was written. The format, which specifies the configuration options of the log line, becomes the schema of the access log lines as written by the service.

In addition to the config options specified in the Apache HTTPD manual under Custom Log Formats, these options are recognized:

  • common

  • combined

  • combinedio

  • referer

  • agent

For example, to parse either combined log format or common log format, you can use:

parse-as-log :body 'combined'
parse-as-log :body 'common'

If you have logs that are in a format that is not supported, you can specify a custom format. In that case, format is a string of tokens specifying the log line format.

For nginx, the format tokens are specified by log_format and embedded variables.
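To show how a string of format tokens becomes the schema of the parsed record, here is an added Python sketch (not the directive's own implementation, and not code from the original page) that compiles the common log tokens %h %l %u %t "%r" %>s %b into a full-line pattern. The output field names, the token table, and the sample lines are assumptions constructed for this example.

```python
import re

# Hypothetical token table (an assumption for this example): Apache format
# token -> (output field name, regex fragment for that field).
TOKENS = {
    "%h": ("host", r"\S+"),
    "%l": ("ident", r"\S+"),
    "%u": ("user", r"\S+"),
    "%t": ("time", r"\[[^\]]+\]"),
    "%r": ("request", r'(?:[^"\\]|\\.)*'),  # tolerates backslash-escaped quotes
    "%>s": ("status", r"\d{3}"),
    "%b": ("bytes", r"\d+|-"),
}
# Matches plain tokens (%h), modified ones (%>s) and %{Name}x style tokens.
TOKEN_RE = re.compile(r"%>?(?:\{[^}]*\})?[a-zA-Z]")

def compile_format(fmt):
    """Turn a format string into a regex with one named group per token."""
    parts, pos = [], 0
    for m in TOKEN_RE.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))  # literal text between tokens
        if m.group() not in TOKENS:
            raise ValueError(f"unsupported token: {m.group()}")
        name, frag = TOKENS[m.group()]
        parts.append(f"(?P<{name}>{frag})")
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("".join(parts))

def parse_line(pattern, line):
    """Return a typed record, or None when the whole line does not fit the format."""
    m = pattern.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = rec["time"].strip("[]")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

COMMON = '%h %l %u %t "%r" %>s %b'
# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = '192.0.2.10 - alice [10/Oct/2020:13:55:36 -0700] "GET /index.html HTTP/1.1" 200 2326'
ESCAPED = r'198.51.100.7 - - [10/Oct/2020:13:56:01 -0700] "GET /a\"b HTTP/1.1" 404 -'

if __name__ == "__main__":
    pattern = compile_format(COMMON)
    for line in (SAMPLE, ESCAPED, "not a log line"):
        print(parse_line(pattern, line))
```

Matching the whole line, rather than searching within it, means a request string containing an escaped quote cannot shift the status or byte-count fields, and a line that does not fit the format is rejected instead of partially parsed.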

Examples

The format for common log is:

%h %l %u %t "%r" %>s %b

and a corresponding log line as a record that needs to be parsed, in that format:

Applying either of these directives:

results in this record:

Using the Combined Log Format:

and a corresponding log line:

Complex formats, such as this, can also be parsed:

Example log line for such a format (note: reformatted from a single line):

 

Created in 2020 by Google Inc.