Nginx Visualizations
User agent and status code visualizations can help to show processing activity and web server insights.

NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.
Below are a number of pre-built visualizations with the relevant fields needed to create visualizations in your account. Please contact [email protected] with any questions.
NGINX Visualization Examples
NGINX Logs – Top 10 User Agents
{
"query": {
"query": "",
"language": "kuery"
},
"filter": [],
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "ADD-YOUR-INDEX-ID-HERE"
}
]
{
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
}
{
"title": "Nginx Logs - Top 10 User Agents",
"type": "table",
"params": {
"perPage": 10,
"showPartialRows": false,
"showMetricsAtAllLevels": false,
"sort": {
"columnIndex": null,
"direction": null
},
"showTotal": false,
"totalFunc": "sum",
"dimensions": {
"metrics": [
{
"accessor": 1,
"format": {
"id": "number"
},
"params": {},
"aggType": "count"
}
],
"buckets": [
{
"accessor": 0,
"format": {
"id": "terms",
"params": {
"id": "string",
"otherBucketLabel": "Other",
"missingBucketLabel": "Missing"
}
},
"params": {},
"aggType": "terms"
}
]
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "cs_user_agent",
"order": "desc",
"size": 10,
"orderBy": "1",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"customLabel": "User Agent"
}
}
]
}

NGINX Logs – Status Code by IP Address
{
"query": {
"query": "",
"language": "kuery"
},
"filter": [],
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "ADD-INDEX-ID-HERE"
}
]
{
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
}
{
"title": "Nginx Logs - Status Code by IP Address",
"type": "table",
"params": {
"perPage": 10,
"showPartialRows": false,
"showMetricsAtAllLevels": false,
"sort": {
"columnIndex": null,
"direction": null
},
"showTotal": false,
"totalFunc": "sum",
"dimensions": {
"metrics": [
{
"accessor": 2,
"format": {
"id": "number"
},
"params": {},
"aggType": "count"
}
],
"buckets": [
{
"accessor": 0,
"format": {
"id": "terms",
"params": {
"id": "number",
"otherBucketLabel": "Other",
"missingBucketLabel": "Missing"
}
},
"params": {},
"aggType": "terms"
},
{
"accessor": 1,
"format": {
"id": "terms",
"params": {
"id": "string",
"otherBucketLabel": "Other",
"missingBucketLabel": "Missing"
}
},
"params": {},
"aggType": "terms"
}
]
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "sc_status",
"order": "desc",
"size": 5,
"orderBy": "1",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"customLabel": "Status Code"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "c_ip",
"order": "desc",
"size": 5,
"orderBy": "1",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"customLabel": "IP Address"
}
}
]
}

NGINX Logs – Daily User-Agent Access
{
"query": {
"query": "",
"language": "kuery"
},
"filter": [],
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "ADD-INDEX-ID-HERE"
}
]
{
"title": "Nginx Logs - Daily User Agent Access",
"type": "line",
"params": {
"type": "line",
"grid": {
"categoryLines": false
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"truncate": 100
},
"title": {}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "Count"
}
}
],
"seriesParams": [
{
"show": "true",
"type": "line",
"mode": "normal",
"data": {
"label": "Count",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
],
"addTooltip": true,
"addLegend": true,
"legendPosition": "right",
"times": [],
"addTimeMarker": false,
"dimensions": {
"x": {
"accessor": 0,
"format": {
"id": "date",
"params": {
"pattern": "YYYY-MM-DD"
}
},
"params": {
"date": true,
"interval": "P1D",
"format": "YYYY-MM-DD"
},
"aggType": "date_histogram"
},
"y": [
{
"accessor": 2,
"format": {
"id": "number"
},
"params": {},
"aggType": "count"
}
],
"series": [
{
"accessor": 1,
"format": {
"id": "terms",
"params": {
"id": "string",
"otherBucketLabel": "Other",
"missingBucketLabel": "Missing"
}
},
"params": {},
"aggType": "terms"
}
]
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "timestamp",
"timeRange": {
"from": "now-15m",
"to": "now"
},
"useNormalizedEsInterval": true,
"interval": "h",
"drop_partials": false,
"min_doc_count": 1,
"extended_bounds": {}
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "cs_user_agent",
"order": "desc",
"size": 5,
"orderBy": "1",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing"
}
}
]
}

NGINX Logs – Non-200 Status Codes
{
"query": {
"query": "",
"language": "kuery"
},
"filter": [
{
"meta": {
"negate": true,
"type": "phrase",
"key": "sc_status",
"value": "200",
"params": {
"query": 200
},
"disabled": false,
"alias": null,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index"
},
"query": {
"match": {
"sc_status": {
"query": 200,
"type": "phrase"
}
}
},
"$state": {
"store": "appState"
}
}
],
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
}
[
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "ADD-INDEX-ID-HERE"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "ADD-INDEX-ID-HERE"
}
]
{
"title": "Nginx Logs - Non-200 Status Codes",
"type": "pie",
"params": {
"type": "pie",
"addTooltip": true,
"addLegend": true,
"legendPosition": "top",
"isDonut": true,
"labels": {
"show": false,
"values": true,
"last_level": true,
"truncate": 100
},
"dimensions": {
"metric": {
"accessor": 1,
"format": {
"id": "number"
},
"params": {},
"aggType": "count"
},
"buckets": [
{
"accessor": 0,
"format": {
"id": "terms",
"params": {
"id": "number",
"otherBucketLabel": "Other",
"missingBucketLabel": "Missing"
}
},
"params": {},
"aggType": "terms"
}
]
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "sc_status",
"order": "desc",
"size": 5,
"orderBy": "1",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing"
}
}
]
}

NGINX Dashboard

Updated about 1 year ago