Package Contents Explained

This package consists of the following:

Package Contents - Parsers

This package contains the following parsers:

  • nginx-access: A parser for access logs. This parser works with two access log formats: the default combined format and the suggested custom format described in Nginx Logs.

  • nginx-error: A parser for the default error log format.

Package Contents - Dashboards

Note that you can narrow the dataset used by the widgets to specific values of certain fields by using the parameter selection at the top of the dashboards. For example, select all (*) or a specific value for common fields such as server name or, in some cases, error type.

Once you have made your parameter selections, click Apply and the widgets update to reflect only the data matching the selected parameters. (When you click in the parameter selection, all widgets on the dashboard that make use of the parameters are shown with a blue outline.)

This package contains the following Dashboards:

  • Overview

    A high-level overview of how your servers are performing, using data from the access logs. It includes, for example, the number of clients visiting, their locations, and the requests per second for servers.

  • HTTP errors

    Focuses on the HTTP error codes observed in the access logs and includes breakdowns of 4xx and 5xx errors, variations over time and the servers and clients associated with most errors.

  • Visitor insights

    Summarises key information from visitors to your web servers/sites, such as the sites referring visitors to your servers, their user agents, locations of visitors, the URLs they are requesting etc. There are also widgets which draw your attention to the presence of any matches for client IP addresses or referrer domains against the LogScale indicator of compromise (IOC) database.

  • Error log analysis

    Summary information generated from the error.log messages. Provides useful information on the operational health of your servers including the top clients and servers associated with error logs, the most common error messages, etc.

  • IOC matches for referrer domain

    Provides information for any referrer domain matches found in the LogScale IOC database.

  • IOC matches for client IP

    Provides information for any client IP address matches found in the LogScale IOC database.

Package Contents - Saved Queries

Statuscode count

A query that presents, in a structured manner, the different status codes and the number of times each has been returned.

Top 10 referring web sites

A query for presenting the top 10 referring web sites.

Error statuscode distribution

A query for visualizing the distribution of error status codes over time.

Bytes sent

A query for visualizing the sum of bytes sent over time in intervals of 15 minutes.

Most visited URL's

A query for presenting the most visited URLs.

IP Addresses requesting most bytes

A query for visualizing the number of bytes requested by the top requesting IP addresses.

Responses over time (Lookup)

A query for presenting status code responses over time.