The "type" field is used to identify the type of log data and provide you with a richer logging experience. For example, if your "type" is apache_access, we will assume that the logs that we receive are Apache access logs, parse them accordingly, and then give you customised GROKing and enrichment out of the box.
A detailed explanation on how to ship the logs for the various sources is specified here.
The following table describes the built-in types supported by the platform - customized types can be added as required:
| Description | Type |
| Nginx Access logs | nginx , nginx_access , nginx-access |
| Nginx Error logs | nginx-error |
| Apache Access logs | apache , apache_access , apache-access |
| Elasticsearch | elasticsearch |
| Nagios | nagios |
| HAProxy | haproxy |
| Monit | monit |
| Mysql | mysql |
| Mysql Error logs | mysql_error |
| Mysql Slow Query logs | mysql_slow_query |
| Mysql Monitor logs | mysql_monitor |
| GPFS | gpfs |
| MongoDB | mongodb |
| Microsoft IIS | iis |
| AWS CloudFront | cloudfront |
| AWS VPCFlow | vpcflow |
| AWS CloudTrail | cloudtrail |
| AWS ELB | elb |
| AWS S3 Access | S3Access |
| OSSEC | ossec |
| Jenkins | jenkins |
| Route 53 | route_53 |
| Kafka Server Logs | kafka_server |
| Guard Duty | guardduty |
Comments
6 comments
My IIS parser seems to be disabled. How do I enable it?
Hi Jose,
This is Josh from Logz.io support, our parsing wizard does not allow custom parsing built in log types. So either you can contact support at help@logz.io and request custom parsing for your IIS logs, or you can ship the logs with a different type like iis-custom and then you can use the data parsing wizard to parse those logs.
If you have any questions or issues you can also contact us via that chat icon in the bottom right of the application.
Hi Joshua,
It turned out that my IIS logs didn't match your pre-defined grok templates. You have four.
As I mentioned in my email to the support team, at first hand, it is virtually impossible for anyone to "guess" which fields you are looking for in a log entry.
I think you should come up with a blog post where you explain, maybe using screenshots of the IIS log configuration, which fields need to be selected because we don't have any visibility into your grok templates.
Aside from that, everything ran smoothly.
Thanks!
Hi Jose,
Thank you for your comments, our default IIS groks are built to match the default IIS log formats. The idea here is that if you are using the default logging format then the parsing will work, if not then you can contact support to have it custom parsed for you, we do not want you to change your log format to meet our default patterns, it's better that we custom parse the logs for you in that case :-)
As you can see our support is quick to reply and help with the custom parsing. I'm happy to see everything worked out for you.
Best Regards,
Josh
What type do I use for the standard OS syslog? I'm using Raspbian (Debian-based) and rsyslog. Most logs go to /var/log/syslog.
Hi Christopher,
This is Josh from support, we currently do not have any built-in parsing for os logs. So what you can do is set the type to whatever type makes sense to you, maybe "raspbian" and then you can use our data parsing wizard to parse the logs.
Please sign in to leave a comment.