# CONFIGURED BY ANSIBLE # https://coredns.io/plugins/log/ # assuming "combined" coredns log format (includes remaining opcode) # [level] remote:port - query_id "type class name proto size dnssec_flag dnssec_buf" rcode rflags rsize duration "opcode" [PARSER] name coredns_combined format regex regex ^\[(?[^\]]+)] (?[^:]+):(?\d+) - (?\d+) "(?[^ ]+) (?[^ ]+) (?[^ ]+) (?[^ ]+) (?\d+) (?[^ ]+) (?\d+)" (?[^ ]+) (?[^ ]+) (?\d+) (?[^s]+)s "(?\d+)"$