Regular Expressions 101

Community Patterns

lnav nginx access_log parser (for a slightly extended variation of combined log format)

1

Regular Expression
PCRE (PHP <7.3)

/
(?:-|(?P<real_ip>[\-\da-f.:]+))\s+\[(?P<remote_ip>[\da-f.:]+)\]\s+[\w\.\-]+\s+(?<remote_user>\S+)\s+\[(?<timestamp>[^\]]+)\]\s+"(?:\-|(?<request>\w+) (?<request_uri>[^ \?]+)(?:\?(?<request_uri_query>[^ ]*))? (?<request_version>[\w\/\.]+))"\s+(?P<status>[1-9]\d{2})\s+(?P<body_bytes_sent>\d+)\s+"(?<http_referer>[^"]+)"\s+"(?<http_user_agent>[^"]+)"\s+\[(?:\-|(?P<upstream_response_time>\d+(?:.\d+)?))\s+(?P<request_time>\d+(?:.\d+)?)\]
/
gm

Description

For our own format with real ip (from proxy forwarded for header) and upstream response times:

log_format combined_w_timing '$http_x_forwarded_for [$remote_addr] - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '[$upstream_response_time $request_time]';
Submitted by anonymous - 4 years ago