Metadata-Version: 2.0
Name: nginx2es
Version: 0.2.2
Summary: Put parsed Nginx access.log to Elasticsearch
Home-page: https://github.com/ei-grad/nginx2es
Author: Andrew Grigorev
Author-email: andrew@ei-grad.ru
License: MIT
Description-Content-Type: UNKNOWN
Keywords: nginx access.log elasticsearch
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: Unix
Classifier: Topic :: Internet :: Log Analysis
Classifier: Topic :: System :: Logging
Classifier: Topic :: System :: Monitoring
Requires-Dist: elasticsearch
Requires-Dist: click
Requires-Dist: six
Requires-Dist: python-dateutil
Requires-Dist: inotify-simple
Requires-Dist: entrypoints

Put parsed Nginx access.log to Elasticsearch
============================================

Nginx access.log have to be formatted with this format:

.. code-block:: nginx

    log_format main_ext
        '$remote_addr $http_host $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for" '
        'rt=$request_time ua="$upstream_addr" '
        'us="$upstream_status" ut="$upstream_response_time" '
        'ul="$upstream_response_length" '
        'cs=$upstream_cache_status';

Install
-------

Install with pip:

.. code-block:: bash

    pip install nginx2es

Features
--------

- Stable log record ID (hostname + file inode number + timestamp + file
  position). It makes possible to import log file more than once (adding some
  additional processing to nginx2es, or dropping a daily index containing only
  a half of records, etc) without creating a duplicate records.

- Parse query params and split request uri path components to separate fields
  for complex log filtering / aggregations.

- Optional use of the GeoIP database (requires the `geoip` module and the
  GeoIPCity.dat database file) - adds `city` and `region_name` fields.

- Correctly parse log records containing information about multiple upstream
  responses.

- The :code:`tail -F`-like mode implemented with inotify.



