btw, after re-reading the your questing, it looks like you need something like logstash grok filter.

br,
Aziz.





> On 10 Jan 2018, at 11:45, mohit Agrawal <mohit3081989@gmail.com> wrote:
>
> Hi ,
>
> I am looking to parse nginx error log so as to find out which particular IP is throttled during specific amount of time on connection throttling / request throttling. The format looks like :
>
> 2018/01/10 06:26:31 [error] 13485#13485: *64285471 limiting connections by zone "rl_conn", client: xx.xx.xx.xx, server: www.xyz.com, request: "GET /api/xyz HTTP/1.1", host: "www.xyz.com"
> And the sample that I am looking for is :
>
> {client: "xx.xx.xx.xx", server: "www.xyz.com", host: "www.xyz.com", "request": "GET /api/xyz HTTP/1.1", reason: "limiting connections by zone "rl_conn""}
> so that I can pass it through ELK stack and find out the root ip which is causing issue.
>
>
> --
> Mohit Agrawal
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx