As a DevOps engineer I often do incident analysis, post-deployment
monitoring and routine log checks. If you also use Splunk, as I do,
let me show you a few effective Splunk commands for monitoring Nginx
logs.
Extract fields
For the commands below to work, the Nginx log fields have to be extracted into Splunk fields.
There are 2 ways to extract fields:
- Out of the box Splunk recognises the “access_combined” log format, which is the same layout as Nginx's default “combined” log format ($remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"). If that is your case and your input is assigned the access_combined sourcetype, congratulations, there is nothing to do!
- For a custom log_format you will need to write a regular expression. Splunk has a built-in field extractor UI, or you can provide the regular expression yourself (for example in a rex command, or as a props/transforms extraction). Whichever way you go, check that the extraction matches every line: a line the regex does not match gets no fields at all, and those requests silently disappear from every search that filters on status, uri or client IP.
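To show what such an extraction looks like, and how to check that it matches, here is an added example (my own code, not part of the original post or of Splunk) that parses Nginx “combined” lines and a hypothetical custom format with the same named-group regex you would paste into a rex command (Splunk's PCRE engine accepts (?P<name>...) groups). The log lines are constructed for the example; the custom format with $request_time and $upstream_response_time appended is an assumption, not something the post defines.

```python
import re

# Base pattern for Nginx's default "combined" log_format:
#   $remote_addr - $remote_user [$time_local] "$request" $status
#   $body_bytes_sent "$http_referer" "$http_user_agent"
# Nginx escapes a literal double quote inside $request or $http_user_agent
# as \x22, so [^"]* is safe for the quoted parts.
_BASE = (
    r'(?P<clientip>\S+) - (?P<user>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
)

# Anchored on both ends so a line with extra trailing fields is reported as
# "not matched" instead of being silently half-parsed.
COMBINED_RE = re.compile("^" + _BASE + "$")

# Hypothetical custom format (assumption for this example): combined plus
# $request_time and $upstream_response_time, e.g. in nginx.conf:
#   log_format timed '... "$http_user_agent" $request_time $upstream_response_time';
CUSTOM_RE = re.compile(
    "^" + _BASE + r" (?P<req_time>[\d.]+) (?P<upstream_time>[\d.]+|-)$"
)


def extract_fields(line, pattern=COMBINED_RE):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = pattern.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    # Split "$request" into method/uri/version only when it has the normal
    # three parts; a malformed request is logged by Nginx as "-".
    parts = fields["request"].split(" ")
    if len(parts) == 3:
        fields["method"], fields["uri"], fields["version"] = parts
    fields["status"] = int(fields["status"])
    # "-" for body bytes means nothing was sent.
    fields["bytes"] = 0 if fields["bytes"] == "-" else int(fields["bytes"])
    return fields


def summarize(lines, pattern=COMBINED_RE):
    """Count responses per status code and report how many lines the regex missed.

    The unparsed count is the check you want before trusting any Splunk
    search built on these fields: if it is not zero, the extraction is
    incomplete and the searches are undercounting.
    """
    status_counts, unparsed = {}, 0
    for line in lines:
        f = extract_fields(line, pattern)
        if f is None:
            unparsed += 1
            continue
        status_counts[f["status"]] = status_counts.get(f["status"], 0) + 1
    return status_counts, unparsed


# Constructed sample lines (not real traffic); the last one is deliberately
# unparseable to show that it is counted rather than silently dropped.
SAMPLE_COMBINED = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '198.51.100.23 - alice [10/Oct/2023:13:55:37 +0000] "POST /api/login HTTP/1.1" 401 0 "https://example.com/" "curl/8.0.1"',
    '192.0.2.9 - - [10/Oct/2023:13:55:38 +0000] "-" 400 0 "-" "-"',
    "garbage line that does not match",
]
SAMPLE_CUSTOM = (
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /slow HTTP/1.1" 200 612 '
    '"-" "Mozilla/5.0" 2.503 2.497'
)

if __name__ == "__main__":
    print(summarize(SAMPLE_COMBINED))            # ({200: 1, 401: 1, 400: 1}, 1)
    print(extract_fields(SAMPLE_CUSTOM, CUSTOM_RE)["req_time"])   # 2.503
    print(extract_fields(SAMPLE_CUSTOM))          # None: combined regex rejects the extra fields
```

The same group names (clientip, status, uri, useragent) can be used in the rex command in Splunk, so searches written against the automatic access_combined extraction keep working once you switch to a custom format.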