Nginx Visualizations

User agent and status code visualizations can help to show processing activity and web server insights.

360

NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.

Below are a number of pre-built visualizations with the relevant fields needed to create visualizations in your account. Please contact [email protected] with any questions.

NGINX Visualization Examples

NGINX Logs – Top 10 User Agents

{
  "query": {
    "query": "",
    "language": "kuery"
  },
  "filter": [],
  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
  {
    "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
    "type": "index-pattern",
    "id": "ADD-YOUR-INDEX-ID-HERE"
  }
]
{
  "vis": {
    "params": {
      "sort": {
        "columnIndex": null,
        "direction": null
      }
    }
  }
}
{
  "title": "Nginx Logs - Top 10 User Agents",
  "type": "table",
  "params": {
    "perPage": 10,
    "showPartialRows": false,
    "showMetricsAtAllLevels": false,
    "sort": {
      "columnIndex": null,
      "direction": null
    },
    "showTotal": false,
    "totalFunc": "sum",
    "dimensions": {
      "metrics": [
        {
          "accessor": 1,
          "format": {
            "id": "number"
          },
          "params": {},
          "aggType": "count"
        }
      ],
      "buckets": [
        {
          "accessor": 0,
          "format": {
            "id": "terms",
            "params": {
              "id": "string",
              "otherBucketLabel": "Other",
              "missingBucketLabel": "Missing"
            }
          },
          "params": {},
          "aggType": "terms"
        }
      ]
    }
  },
  "aggs": [
    {
      "id": "1",
      "enabled": true,
      "type": "count",
      "schema": "metric",
      "params": {}
    },
    {
      "id": "2",
      "enabled": true,
      "type": "terms",
      "schema": "bucket",
      "params": {
        "field": "cs_user_agent",
        "order": "desc",
        "size": 10,
        "orderBy": "1",
        "otherBucket": false,
        "otherBucketLabel": "Other",
        "missingBucket": false,
        "missingBucketLabel": "Missing",
        "customLabel": "User Agent"
      }
    }
  ]
}
3110

NGINX Logs – Status Code by IP Address

{
  "query": {
    "query": "",
    "language": "kuery"
  },
  "filter": [],
  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
  {
    "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
    "type": "index-pattern",
    "id": "ADD-INDEX-ID-HERE"
  }
]
{
  "vis": {
    "params": {
      "sort": {
        "columnIndex": null,
        "direction": null
      }
    }
  }
}
{
  "title": "Nginx Logs - Status Code by IP Address",
  "type": "table",
  "params": {
    "perPage": 10,
    "showPartialRows": false,
    "showMetricsAtAllLevels": false,
    "sort": {
      "columnIndex": null,
      "direction": null
    },
    "showTotal": false,
    "totalFunc": "sum",
    "dimensions": {
      "metrics": [
        {
          "accessor": 2,
          "format": {
            "id": "number"
          },
          "params": {},
          "aggType": "count"
        }
      ],
      "buckets": [
        {
          "accessor": 0,
          "format": {
            "id": "terms",
            "params": {
              "id": "number",
              "otherBucketLabel": "Other",
              "missingBucketLabel": "Missing"
            }
          },
          "params": {},
          "aggType": "terms"
        },
        {
          "accessor": 1,
          "format": {
            "id": "terms",
            "params": {
              "id": "string",
              "otherBucketLabel": "Other",
              "missingBucketLabel": "Missing"
            }
          },
          "params": {},
          "aggType": "terms"
        }
      ]
    }
  },
  "aggs": [
    {
      "id": "1",
      "enabled": true,
      "type": "count",
      "schema": "metric",
      "params": {}
    },
    {
      "id": "2",
      "enabled": true,
      "type": "terms",
      "schema": "bucket",
      "params": {
        "field": "sc_status",
        "order": "desc",
        "size": 5,
        "orderBy": "1",
        "otherBucket": false,
        "otherBucketLabel": "Other",
        "missingBucket": false,
        "missingBucketLabel": "Missing",
        "customLabel": "Status Code"
      }
    },
    {
      "id": "3",
      "enabled": true,
      "type": "terms",
      "schema": "bucket",
      "params": {
        "field": "c_ip",
        "order": "desc",
        "size": 5,
        "orderBy": "1",
        "otherBucket": false,
        "otherBucketLabel": "Other",
        "missingBucket": false,
        "missingBucketLabel": "Missing",
        "customLabel": "IP Address"
      }
    }
  ]
}
3106

NGINX Logs – Daily User-Agent Access

{
  "query": {
    "query": "",
    "language": "kuery"
  },
  "filter": [],
  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
  {
    "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
    "type": "index-pattern",
    "id": "ADD-INDEX-ID-HERE"
  }
]
{
  "title": "Nginx Logs - Daily User Agent Access",
  "type": "line",
  "params": {
    "type": "line",
    "grid": {
      "categoryLines": false
    },
    "categoryAxes": [
      {
        "id": "CategoryAxis-1",
        "type": "category",
        "position": "bottom",
        "show": true,
        "style": {},
        "scale": {
          "type": "linear"
        },
        "labels": {
          "show": true,
          "truncate": 100
        },
        "title": {}
      }
    ],
    "valueAxes": [
      {
        "id": "ValueAxis-1",
        "name": "LeftAxis-1",
        "type": "value",
        "position": "left",
        "show": true,
        "style": {},
        "scale": {
          "type": "linear",
          "mode": "normal"
        },
        "labels": {
          "show": true,
          "rotate": 0,
          "filter": false,
          "truncate": 100
        },
        "title": {
          "text": "Count"
        }
      }
    ],
    "seriesParams": [
      {
        "show": "true",
        "type": "line",
        "mode": "normal",
        "data": {
          "label": "Count",
          "id": "1"
        },
        "valueAxis": "ValueAxis-1",
        "drawLinesBetweenPoints": true,
        "showCircles": true
      }
    ],
    "addTooltip": true,
    "addLegend": true,
    "legendPosition": "right",
    "times": [],
    "addTimeMarker": false,
    "dimensions": {
      "x": {
        "accessor": 0,
        "format": {
          "id": "date",
          "params": {
            "pattern": "YYYY-MM-DD"
          }
        },
        "params": {
          "date": true,
          "interval": "P1D",
          "format": "YYYY-MM-DD"
        },
        "aggType": "date_histogram"
      },
      "y": [
        {
          "accessor": 2,
          "format": {
            "id": "number"
          },
          "params": {},
          "aggType": "count"
        }
      ],
      "series": [
        {
          "accessor": 1,
          "format": {
            "id": "terms",
            "params": {
              "id": "string",
              "otherBucketLabel": "Other",
              "missingBucketLabel": "Missing"
            }
          },
          "params": {},
          "aggType": "terms"
        }
      ]
    }
  },
  "aggs": [
    {
      "id": "1",
      "enabled": true,
      "type": "count",
      "schema": "metric",
      "params": {}
    },
    {
      "id": "2",
      "enabled": true,
      "type": "date_histogram",
      "schema": "segment",
      "params": {
        "field": "timestamp",
        "timeRange": {
          "from": "now-15m",
          "to": "now"
        },
        "useNormalizedEsInterval": true,
        "interval": "h",
        "drop_partials": false,
        "min_doc_count": 1,
        "extended_bounds": {}
      }
    },
    {
      "id": "3",
      "enabled": true,
      "type": "terms",
      "schema": "group",
      "params": {
        "field": "cs_user_agent",
        "order": "desc",
        "size": 5,
        "orderBy": "1",
        "otherBucket": false,
        "otherBucketLabel": "Other",
        "missingBucket": false,
        "missingBucketLabel": "Missing"
      }
    }
  ]
}
3112

NGINX Logs – Non-200 Status Codes

{
  "query": {
    "query": "",
    "language": "kuery"
  },
  "filter": [
    {
      "meta": {
        "negate": true,
        "type": "phrase",
        "key": "sc_status",
        "value": "200",
        "params": {
          "query": 200
        },
        "disabled": false,
        "alias": null,
        "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index"
      },
      "query": {
        "match": {
          "sc_status": {
            "query": 200,
            "type": "phrase"
          }
        }
      },
      "$state": {
        "store": "appState"
      }
    }
  ],
  "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
  {
    "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
    "type": "index-pattern",
    "id": "ADD-INDEX-ID-HERE"
  },
  {
    "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
    "type": "index-pattern",
    "id": "ADD-INDEX-ID-HERE"
  }
]
{
  "title": "Nginx Logs - Non-200 Status Codes",
  "type": "pie",
  "params": {
    "type": "pie",
    "addTooltip": true,
    "addLegend": true,
    "legendPosition": "top",
    "isDonut": true,
    "labels": {
      "show": false,
      "values": true,
      "last_level": true,
      "truncate": 100
    },
    "dimensions": {
      "metric": {
        "accessor": 1,
        "format": {
          "id": "number"
        },
        "params": {},
        "aggType": "count"
      },
      "buckets": [
        {
          "accessor": 0,
          "format": {
            "id": "terms",
            "params": {
              "id": "number",
              "otherBucketLabel": "Other",
              "missingBucketLabel": "Missing"
            }
          },
          "params": {},
          "aggType": "terms"
        }
      ]
    }
  },
  "aggs": [
    {
      "id": "1",
      "enabled": true,
      "type": "count",
      "schema": "metric",
      "params": {}
    },
    {
      "id": "2",
      "enabled": true,
      "type": "terms",
      "schema": "segment",
      "params": {
        "field": "sc_status",
        "order": "desc",
        "size": 5,
        "orderBy": "1",
        "otherBucket": false,
        "otherBucketLabel": "Other",
        "missingBucket": false,
        "missingBucketLabel": "Missing"
      }
    }
  ]
}
3108

NGINX Dashboard

3354