Grafana Pattern Parser for Nginx Logs

Posted on by Andrew Minion

We use Grafana and Loki to ingest and monitor Nginx access logs. I was trying to find the average response time for one specific URL; Grafana out of the box provides a number of helpful labels, but wasn’t parsing the Nginx logs into labels.

Here’s the pattern parser I came up with:

<ip> [<timestamp>] <host> "<method> <path> <_>" HTTP <response_code> <response_size> time:<duration>s "<referer>" "<user_agent>" <_>

You can read the docs, but basically you supply a pattern, and each set of angle brackets is a “capture group”; if you don’t care about part of the line, then you can use <_> to discard it.

And here’s the full query that breaks the logs apart into those labels, filters to just the one path, and then plots the duration as points on a graph:

sum by() (
  avg_over_time(
    {pod=~"app-.+", container="nginx"}
    | pattern `<ip> [<timestamp>] <host> "<method> <path> <_>" HTTP <response_code> <response_size> time:<duration>s "<referer>" "<user_agent>" <_>`
    | path = `/path/I/want/to/inspect`
    | unwrap duration [$__interval]
    )
)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.