Source types for the Splunk Add-on for NGINX¶
The Splunk Add-on for NGINX provides the index-time and search-time knowledge for NGINX Web server activities in the following formats.
| Source type | Description | CIM data models | ITSI data models |
|---|---|---|---|
nginx:plus:access |
NGINX access log in the predefined combined format | Web | Web Server |
nginx:plus:kv |
NGINX access log in the custom key-value pair format | Web | Web Server |
nginx:app:protect |
NGINX App Protect security log in the predefined combined format | Intrusion Detection | |
nginx:plus:api |
NGINX performance metrics | ||
nginx:plus:error |
NGINX error log |
For the NGINX access log, use the custom key-value pair format, which contains more verbose information and is easier to parse.