# CONFIGURED BY ANSIBLE

# parse ngenix raw access logs incl. time key
# https://help.ngenix.net/articles/#!docs/raw-access-logs-ral
# https://help.ngenix.net/articles/#!docs/logs
[PARSER]
    name   ngenix_time
    format regex
    # warning there is a trailing space at the end
    regex ^(?<remote_addr>[^ ]*) (?<host>[^ ]*) \[(?<time_local>[^\]]*)\] "(?<request>[^\"]*)" (?<status>[^ ]*) (?<upstream_cache_status>[^ ]*) "(?<upstream_addr>[^\"]*)" (?<body_bytes_sent>[^ ]*) "(?<http_referer>[^\"]*)" "(?<http_user_agent>[^\"]*)" "(?<request_time>[^\"]*)" "(?<gzip_ratio>[^\"]*)" "(?<ssl_cipher>[^\"]*)" "(?<connection>[^\"]*)" (?<bytes_sent>[^ ]*) "(?<upstream_response_length>[^\"]*)" "(?<upstream_header_time>[^\"]*)" "(?<upstream_response_time>[^\"]*)" "(?<upstream_status>[^\"]*)" (?<geoip_country_code>[^ ]*) (?<request_id>[^ ]*) (?<server_port>[^ ]*) *$
    time_key time_local
    time_format %d/%b/%Y:%H:%M:%S %z

# parse upstream_addr
[PARSER]
    name nge_custom_upstream
    format regex
    regex ^(?<upstream_ip>[^:]*):(?<upstream_port>[^ ]*)$

# parse request
[PARSER]
    name nge_split_request
    format regex
    regex ^(?<method>[^ ]*) (?<path>[^ ]*) HTTP/(?<http_version>[^ ]*)

# parse path
[PARSER]
    name   nge_strip_querystr
    format regex
    regex  ^(?<page>[^?]*)