lnav/src/default-log-formats.json

{
    "syslog_log" : {
        "regex" : [
            "^(?P<timestamp>\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?P<log_hostname>[a-zA-Z0-9][^ ]+))?(?:(?: (?P<log_procname>[^ \\[:]+)(?:\\[(?P<log_pid>\\d+)])?:(?P<body>.*))|(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
        ],
        "level-field" : "body",
        "level" : {
            "error" : "(?:failed|failure|error)",
            "warning" : "(?:warn|not responding|init: cannot execute)"
        },
        "value" : {
            "log_hostname" : {
                "kind" : "string",
                "collate" : "ipaddress",
                "identifier" : true
            },
            "log_procname" : {
                "kind" : "string",
                "identifier" : true
            },
            "log_pid" : {
                "kind" : "string",
                "identifier" : true
            }
        }
    },
    "access_log" : {
        "regex" : ["^(?<c_ip>[\\w\\.\\-]+) [\\w\\.\\-]+ (?<cs_username>[\\w\\.\\-]+) \\[(?<timestamp>[^\\]]+)\\] \"(?:\\-|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?.*"],
        "level-field": "sc_status",
        "level" : {
            "error" : "^[^123]"
            },
        "value" : {
            "c_ip" : {
                "kind" : "string",
                "collate" : "ipaddress",
                "identifier" : true
            },
            "cs_username" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_method" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_uri_stem" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_uri_query" : {
                "kind" : "string"
            },
            "cs_version" : {
                "kind" : "string",
                "identifier" : true
            },
            "sc_status" : {
                "kind" : "integer"
            },
            "sc_bytes" : {
                "kind" : "integer"
            },
            "cs_referer" : {
                "kind" : "string",
                "identifier" : true
            },
            "cs_user_agent" : {
                "kind" : "string",
                "identifier" : true
            }
        }
    },
    "vmw_log" : {
        "regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)$"],
        "level-field": "level",
        "level" : {
            "error" : "error",
            "warning" : "warning",
            "trace" : "verbose"
            },
        "value" : {
            "tid" : {
                "kind" : "string",
                "identifier" : true
            },
            "comp" : {
                "kind" : "string",
                "identifier" : true
            },
            "opid" : {
                "kind" : "string",
                "identifier" : true
            },
            "user" : {
                "kind" : "string",
                "identifier" : true
            }
        }
    },
    "snaplogic_log" : {
        "regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<level>\\w+) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>[^ \\.]+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+)(?<body>.*)"],
        "level-field" : "level",
        "level" : {
            "error" : "ERROR",
            "debug" : "DEBUG",
            "info" : "INFO",
            "warning" : "WARNING"
        },
        "value" : {
            "logger" : {
                "kind" : "string",
                "identifier" : true
            },
            "facility" : {
                "kind" : "string",
                "identifier" : true
            },
            "msgid" : {
                "kind" : "string",
                "identifier" : true
            },
            "pipe_rid" : {
                "kind" : "string",
                "identifier" : true
            },
            "comp_rid" : {
                "kind" : "string",
                "identifier" : true
            },
            "resource_name" : {
                "kind" : "string",
                "identifier" : true
            },
            "invoker" : {
                "kind" : "string",
                "identifier" : true
            }
        }
    }
}
[log format] some more work to externalize log formats; color identifiers in logs 2013-06-29 13:22:24 +00:00			`{`
[log format] some more log format work 2013-06-29 18:00:34 +00:00			`"syslog_log" : {`
			`"regex" : [`
			`"^(?P<timestamp>\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?P<log_hostname>[a-zA-Z0-9][^ ]+))?(?:(?: (?P<log_procname>[^ \\[:]+)(?:\\[(?P<log_pid>\\d+)])?:(?P<body>.*))\|(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"`
			`],`
			`"level-field" : "body",`
			`"level" : {`
			`"error" : "(?:failed\|failure\|error)",`
			`"warning" : "(?:warn\|not responding\|init: cannot execute)"`
			`},`
			`"value" : {`
			`"log_hostname" : {`
			`"kind" : "string",`
			`"collate" : "ipaddress",`
			`"identifier" : true`
			`},`
			`"log_procname" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"log_pid" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`}`
			`}`
			`},`
[log format] some more work to externalize log formats; color identifiers in logs 2013-06-29 13:22:24 +00:00			`"access_log" : {`
[log format] some more log format work 2013-06-29 18:00:34 +00:00			`"regex" : ["^(?<c_ip>[\\w\\.\\-]+) [\\w\\.\\-]+ (?<cs_username>[\\w\\.\\-]+) \\[(?<timestamp>[^\\]]+)\\] \"(?:\\-\|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+\|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?."],`
[log format] some more work to externalize log formats; color identifiers in logs 2013-06-29 13:22:24 +00:00			`"level-field": "sc_status",`
			`"level" : {`
			`"error" : "^[^123]"`
			`},`
			`"value" : {`
			`"c_ip" : {`
			`"kind" : "string",`
			`"collate" : "ipaddress",`
			`"identifier" : true`
			`},`
			`"cs_username" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"cs_method" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"cs_uri_stem" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"cs_uri_query" : {`
			`"kind" : "string"`
			`},`
			`"cs_version" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"sc_status" : {`
			`"kind" : "integer"`
			`},`
			`"sc_bytes" : {`
			`"kind" : "integer"`
			`},`
			`"cs_referer" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"cs_user_agent" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`}`
			`}`
			`},`
			`"vmw_log" : {`
[log format] some more log format work 2013-06-29 18:00:34 +00:00			`"regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)$"],`
[log format] some more work to externalize log formats; color identifiers in logs 2013-06-29 13:22:24 +00:00			`"level-field": "level",`
			`"level" : {`
			`"error" : "error",`
			`"warning" : "warning",`
			`"trace" : "verbose"`
			`},`
			`"value" : {`
			`"tid" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"comp" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"opid" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"user" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`}`
			`}`
			`},`
			`"snaplogic_log" : {`
[log format] some more log format work 2013-06-29 18:00:34 +00:00			`"regex" : ["^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<level>\\w+) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>[^ \\.]+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+)(?<body>.*)"],`
[log format] some more work to externalize log formats; color identifiers in logs 2013-06-29 13:22:24 +00:00			`"level-field" : "level",`
			`"level" : {`
			`"error" : "ERROR",`
			`"debug" : "DEBUG",`
			`"info" : "INFO",`
			`"warning" : "WARNING"`
			`},`
			`"value" : {`
			`"logger" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"facility" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"msgid" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"pipe_rid" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"comp_rid" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"resource_name" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`},`
			`"invoker" : {`
			`"kind" : "string",`
			`"identifier" : true`
			`}`
			`}`
			`}`
			`}`