Splunk® Supported Add-ons

Splunk Add-on for NGINX

Source types for the Splunk Add-on for NGINX

The Splunk Add-on for NGINX provides the index-time and search-time knowledge for NGINX Web server activities in the following formats.

Source type Description CIM data models ITSI data models
nginx:plus:access NGINX access log in the predefined combined format Web Web Server
nginx:plus:kv NGINX access log in the custom key-value pair format Web Web Server
nginx:app:protect NGINX App Protect security log in the predefined combined format Intrusion Detection
nginx:plus:api NGINX performance metrics
nginx:plus:error NGINX error log

Regarding the NGINX access log, Splunk recommends using the custom key-value pair format, which contains more verbose information and is easier to parse.

Last modified on 16 September, 2024
Lookups for the Splunk Add-on for NGINX   Release notes for the Splunk Add-on for NGINX

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters