Change log for NGINX

Date Changes
2025-12-19 Enhancement:
- event.idm.read_only_udm.target.ip: Removed mapping of `remote_ip` from `event.idm.read_only_udm.target.ip` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.target.asset.ip: Removed mapping of `remote_ip` from `event.idm.read_only_udm.target.asset.ip` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.principal.ip: Mapped `remote_ip` raw log field to `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.network.sent_bytes: Removed mapping of `jsonPayload.requestSize` from `event.idm.read_only_udm.network.sent_bytes` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.network.received_bytes: Mapped `jsonPayload.requestSize` raw log field to `event.idm.read_only_udm.network.received_bytes` UDM field.
- event.idm.read_only_udm.network.received_bytes: Removed mapping of `jsonPayload.responseSize` from `event.idm.read_only_udm.network.received_bytes` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.network.sent_bytes: Mapped `jsonPayload.responseSize` raw log field to `event.idm.read_only_udm.network.sent_bytes` UDM field.
- event.idm.read_only_udm.target.hostname: Newly mapped `labels.compute_googleapis_com/resource_name` raw log field with `event.idm.read_only_udm.target.hostname` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Removed mapping of `labels.compute_googleapis_com/resource_name` raw log field from `event.idm.read_only_udm.target.resource.attribute.labels` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.target.resource.product_object_id: Newly mapped `resource.labels.instance_id` raw log field with `event.idm.read_only_udm.target.resource.product_object_id` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Removed mapping of `resource.labels.instance_id` from `event.idm.read_only_udm.target.resource.attribute.labels` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.target.resource_ancestors.name: Newly mapped `resource.labels.project_id` raw log field with `event.idm.read_only_udm.target.resource_ancestors.name` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Removed mapping of `resource.labels.project_id` from `event.idm.read_only_udm.target.resource.attribute.labels` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.target.resource.attribute.cloud.availability_zone: Newly mapped `resource.labels.zone` raw log field with `event.idm.read_only_udm.target.resource.attribute.cloud.availability_zone` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Removed mapping of `resource.labels.zone` from `event.idm.read_only_udm.target.resource.attribute.labels` UDM field to introduce more accurate mapping.
- event.idm.read_only_udm.target.resource.resource_type: Newly mapped `resource.type` (when equal to "gce_instance") raw log field with `event.idm.read_only_udm.target.resource.resource_type` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Removed mapping of `resource.type` from `event.idm.read_only_udm.target.resource.attribute.labels` UDM field to introduce more accurate mapping.
2025-12-17 Enhancement:
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped year, month, day, log_time, date raw log field(s) with event.idm.read_only_udm.metadata.event_timestamp UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped product_log_id raw log field(s) with event.idm.read_only_udm.metadata.product_log_id UDM field.
- event.idm.read_only_udm.principal.ip: Newly mapped src_ip raw log field(s) with event.idm.read_only_udm.principal.ip UDM field.
- event.idm.read_only_udm.principal.port: Newly mapped source_port raw log field(s) with event.idm.read_only_udm.principal.port UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped log_hostname raw log field(s) with event.idm.read_only_udm.principal.hostname UDM field.
- event.idm.read_only_udm.principal.process.pid: Newly mapped pid raw log field(s) with event.idm.read_only_udm.principal.process.pid UDM field.
- event.idm.read_only_udm.principal.nat_ip: Newly mapped translated_src raw log field(s) with event.idm.read_only_udm.principal.nat_ip UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped user_name raw log field(s) with event.idm.read_only_udm.principal.user.userid UDM field.
- event.idm.read_only_udm.metadata.product_version: Newly mapped nginx_version, vers raw log field(s) with event.idm.read_only_udm.metadata.product_version UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped dst_ip raw log field(s) with event.idm.read_only_udm.target.ip UDM field.
- event.idm.read_only_udm.target.port: Newly mapped dst_port raw log field(s) with event.idm.read_only_udm.target.port UDM field.
- event.idm.read_only_udm.target.url: Newly mapped uri raw log field(s) with event.idm.read_only_udm.target.url UDM field.
- event.idm.read_only_udm.network.application_protocol: Newly mapped application_protocol raw log field(s) with event.idm.read_only_udm.network.application_protocol UDM field.
- event.idm.read_only_udm.network.application_protocol_version: Newly mapped version raw log field(s) with event.idm.read_only_udm.network.application_protocol_version UDM field.
- event.idm.read_only_udm.network.http.response_code: Newly mapped status_code raw log field(s) with event.idm.read_only_udm.network.http.response_code UDM field.
- event.idm.read_only_udm.network.http.referral_url: Newly mapped http_referer raw log field(s) with event.idm.read_only_udm.network.http.referral_url UDM field.
- event.idm.read_only_udm.network.http.user_agent: Newly mapped http_user_agent raw log field(s) with event.idm.read_only_udm.network.http.user_agent UDM field.
- event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped http_user_agent raw log field(s) with event.idm.read_only_udm.network.http.parsed_user_agent UDM field.
- event.idm.read_only_udm.network.received_bytes: Newly mapped bytes raw log field(s) with event.idm.read_only_udm.network.received_bytes UDM field.
- event.idm.read_only_udm.network.http.method: Newly mapped http_method raw log field(s) with event.idm.read_only_udm.network.http.method UDM field.
- event.idm.read_only_udm.security_result.detection_fields: Newly mapped (learning, total_processed, total_blocked, block, cscore0, score0, cscore1, score1, zone0, id0, http_x_forwarded_for) field(s) with event.idm.read_only_udm.security_result.detection_fields.
- event.idm.read_only_udm.additional.fields: Newly mapped http_content_type raw log field(s) with event.idm.read_only_udm.additional.fields UDM field.
- event.idm.read_only_udm.security_result.severity_details: Newly mapped log_level raw log field(s) with event.idm.read_only_udm.security_result.severity_details UDM field.
- event.idm.read_only_udm.security_result.about.url: Newly mapped url raw log field(s) with event.idm.read_only_udm.security_result.about.url UDM field.
- Other Updates:
- Two new grok patterns were added to support additional NGINX log formats, including key-value pair logs.
- A kv filter was introduced to parse fields from logs containing key-value data.
- A grok filter was added to parse the protocol field to extract the application_protocol and version.
2025-12-04 Enhancement:
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `insertId` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `jsonPayload.latency` raw log field as a custom label with key "latency" with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.network.application_protocol: Newly mapped from the extracted `application_protocol` from jsonPayload.protocol with `event.idm.read_only_udm.network.application_protocol` UDM field.
- event.idm.read_only_udm.network.application_protocol_version: Newly mapped from the extracted `version` from jsonPayload.protocol with `event.idm.read_only_udm.network.application_protocol_version` UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped `remoteIp` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- event.idm.read_only_udm.network.http.method: Newly mapped `jsonPayload.requestMethod` raw log field with `event.idm.read_only_udm.network.http.method` UDM field.
- event.idm.read_only_udm.network.sent_bytes: Newly mapped `jsonPayload.requestSize` raw log field with `event.idm.read_only_udm.network.sent_bytes` UDM field.
- event.idm.read_only_udm.network.http.referral_url: Newly mapped `jsonPayload.requestUrl` raw log field with `event.idm.read_only_udm.network.http.referral_url` UDM field.
- event.idm.read_only_udm.network.received_bytes: Newly mapped `jsonPayload.responseSize` raw log field with `event.idm.read_only_udm.network.received_bytes` UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped `jsonPayload.serverIp` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- event.idm.read_only_udm.network.http.response_code: Newly mapped `jsonPayload.status` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field.
- event.idm.read_only_udm.network.http.user_agent: Newly mapped `jsonPayload.userAgent` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field.
- event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped `jsonPayload.userAgent` raw log field with `event.idm.read_only_udm.network.http.parsed_user_agent` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `labels`, `terminal`, `logName` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `resource.labels` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `resource.type` raw log field with key "resource_type" with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.target.resource.name: Newly mapped `resource.name` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- event.idm.read_only_udm.metadata.event_type: If "has_principal" is "true" and "has_target" is "true" and "is_http" is "true", then mapped `event.idm.read_only_udm.metadata.event_type` UDM field with "NETWORK_HTTP".
- event.idm.read_only_udm.metadata.event_type: If "has_principal" is "true" and "has_target" is "true", then mapped `event.idm.read_only_udm.metadata.event_type` UDM field with "NETWORK_CONNECTION".
- event.idm.read_only_udm.metadata.event_type: If "has_principal" is "true", then mapped `event.idm.read_only_udm.metadata.event_type` UDM field with "STATUS_UPDATE".
2025-07-23 Enhancement:
- Updated grok pattern to retrieve target_ip.
2025-06-23 Enhancement:
- Added a Grok pattern to fetch only the required "user_agent" data and map it to "network.http.user_agent" UDM field.
- event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped `user_agent` raw log field with `event.idm.read_only_udm.network.http.parsed_user_agent` UDM field.
2022-09-10
- Newly created parser.
- Created default parser and deleted customer-specific parser.