Request to support json log format

[lordnynex]

This is a pretty big ask, so I understand if it's not a fit for the goaccess road map. In an attempt to better support an ELK stack I am generating nginx logs in a parsable JSON format. Although I have not tried, it seems possible to generate a log format config that will be able to parse this information, however, it would be a valuable addition to support JSON parsing. Perhaps this could be a compile time option similar to tokyo cabinet? This would be a valuable addition to some existing data processing pipelines that already employ things like logstash.

Feel free to reject.

[allinurl]

Not sure yet about this. However, would you be able to post a few lines of the generated nginx access log?

[bard]

@lordnynex beware, at the moment nginx can't produce valid JSON when characters are escaped. See http://stackoverflow.com/questions/25049667/how-to-generate-a-json-log-from-nginx. Someone has a small patch but it doesn't look like it will make it to nginx.

[allinurl]

After looking into this, I decided not to implement it. That is not to say that currently, if your log contains single JSON log lines, you should be able to parse them with goaccess.

Closing this. Feel free to reopen it if needed.

[lordnynex]

I did get the feeling that it's possible to parse json today, I'm just unfamiliar. If you have ever seen any configurations capable of it, I'd greatly appreciate any pointers.

Regarding your first comment, It is quite possible to generate valid 'new line delimited' JSON log files. In my case, use a heavily modified version of nginx and am able to produce valid logs. The only huge bug for mainline nginx is an undocumented encoding feature when using geoip. If you log city names that have strange characters, currently nginx outputs hex escaped characters which is invalid for json. This is a small edgecase though.

I did not know about the pending json log patch, I will review it, as I think it's a useful feature. My suspicion is that json encoding overhead will not be welcomed by the nginx core development team because logging is already a very tightly buffered operation to avoid slowing down the server with constant disk writes.

I respect your decision to not support it, but I hope there is an alternate work around. I'm noticing in this new age of log analysis projects like logstash etc are transporting and storing logs in json, so I think it's quite a common operation. In my case, even to remove nginx from the equation, I'd aggregate all webserver logs with logstash into one central storage. In that particular setup, it's beneficial to store the logs encoded in JSON to avoid having to parse/grok the log line each time.

An unrelated question: This may be dumb, but is there a way to generate a report from a tokyo cabinet db for a specific date range? I've amassed a huge tokyo db dir from parsing a year of logs, but wanted to generate json reports for more granular timescales. I didn't really see any sort of 'from-date' 'to-date' options in the man page. If this isn't possible, is there any documentation about how data is stored in tokyo so I may write a script to extract it?

Thank you for goaccess, I'm shocked I've never used it earlier. It's a really great tool for me.

[bard]

@lordnynex that patch doesn't add json encoding to nginx, it just replaces the single backslash of escaped characters (e.g. \x22 for double quotes) with double backslashes (e.g. \x22), which is enough to prevent escaped characters from breaking a json-formatted log. A dirty alternative would be to pipe logs into sed to fix that before transferring them to a log collector.

It's a pity because, as you note, the are huge benefits to logs that are easily machine-readable.

[allinurl]

@lordnynex A while back I found a site where somebody was doing something similar. They were using logstash and goaccess, (it was in Japanese as far as I recall). I'll see if I can find the site again.

I think the only challenge on this request, would be the ability to parse a multiline JSON object, other than that the current parser should take care of it.

For single-line json logs, you could do something like this: e.g.,

{ "time":"[11/Aug/2014:17:21:45 +0000]", "remoteIP":"127.0.0.1", "host":"localhost", request":"/index.html", "query":"?ts=100", "method":"GET", "status":"200", "userAgent":"ApacheBench/2.3", "referer":"-" }

and run goaccess as:

goaccess -f log --log-format='%^:"[%d:%t %^]"%^:"%h"%^:%^:"%U"%^:"%q"%^:"%m"%^:"%s"%^:"%u"%^:"%R"%^' --date-format='%d/%b/%Y' --time-format='%T'

If your entries are single-line, feel free to post a few of them and I can take a look at the format.

As far as parsing only a certain time-frame, so far you will have to do some pre-processing (#117 prob will address this).

# sed -n '/5\/Nov\/2010/,/5\/Dec\/2010/ p' access.log | goaccess -a

If the more granular timescales fit in memory, I'd suggest using the default storage since it performs much faster. There are a few examples on the man page.

[allinurl]

@lordnynex Just wanted to check if you were able to parse your log using the above config format? Thanks.

[howardking]

@allinurl My nginx log example as follow, Could you please tell me how to get right log format for goaccess? thx.

{"@timestamp":"2017-04-30T14:05:35+00:00","host":"172.20.2.123","size":22293,"responsetime":0.074,"upstreamtime":"0.074","upstreamhost":"127.0.0.1:9000","http_host":"hostname","uri":"/index.php","request_uri":"request/url","request_method":"GET","country":"br","xff":"179.178.166.246","referer":"-","agent":"some/string","remote_addr":"172.20.2.217","clientip":"179.178.166.246","status":"200"}

[allinurl]

@howardking This should do it:

goaccess access.log --log-format='%^:"%dT%t+%^",%^,%^:%b,%^:%T,%^,%^,%^:"%v",%^:"%U",%^,%^:"%m",%^,%^,%^:"%R",%^:"%u",%^,%^:"%h",%^:"%s"%^' --date-format=%Y-%m-%d --time-format=%T -H no

OR

log-format %^:"%dT%t+%^",%^,%^:%b,%^:%T,%^,%^,%^:"%v",%^:"%U",%^,%^:"%m",%^,%^,%^:"%R",%^:"%u",%^,%^:"%h",%^:"%s"%^
time-format %T
date-format %Y-%m-%d
http-protocol no

[howardking]

@allinurl When I ran the command, I got the error log: command : goaccess -f acces.log -o test.html error log:

Parsing... [0] [0/s]
GoAccess - version 1.0.2 - Oct  9 2016 06:13:21
Config file: /etc/goaccess.conf

Fatal error has occurred
Error occured at: src/goaccess.c - main - 1230
Nothing valid to process. Verify your date/time/log format.

my goaccess.conf is:

######################################
# Time Format Options (required)
######################################
#
# The hour (24-hour clock) [00,23]; leading zeros are permitted but not required.
# The minute [00,59]; leading zeros are permitted but not required.
# The seconds [00,60]; leading zeros are permitted but not required.
# See `man strftime` for more details
#
# The following time format works with any of the
# Apache/NGINX's log formats below.
#
time-format %H:%M:%S
#
# Google Cloud Storage or
# The time in microseconds since the Unix epoch.
#
#time-format %f

# Squid native log format
#
#time-format %s
#time-format %T

######################################
# Date Format Options (required)
######################################
#
# The date-format variable followed by a space, specifies
# the log format date containing any combination of regular
# characters and special format specifiers. They all begin with a
# percentage (%) sign. See `man strftime`
#
# The following date format works with any of the
# Apache/NGINX's log formats below.
#
#date-format %d/%b/%Y
#
# AWS | Amazon CloudFront (Download Distribution)
# AWS | Elastic Load Balancing
# W3C (IIS)
#
date-format %Y-%m-%d
#
# Google Cloud Storage or
# The time in microseconds since the Unix epoch.
#
#date-format %f

# Squid native log format
#
#date-format %s

######################################
# Log Format Options (required)
######################################
#
# The log-format variable followed by a space or \t for
# tab-delimited, specifies the log format string.
#
# NOTE: If the time/date is a timestamp in seconds or microseconds
# %x must be used instead of %d & %t to represent the date & time.

# NCSA Combined Log Format
#
#log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"

# NCSA Combined Log Format with Virtual Host
#
#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"

# Common Log Format (CLF)
#
#log-format %h %^[%d:%t %^] "%r" %s %b
#log-format %^:"%dT%t+%^",%^,%^:%b,%^:%T,%^,%^,%^:"%v",%^:"%U",%^,%^:"%m",%^,%^,%^:"%R",%^:"%u",%^,%^:"%h",%^:"%s"%^
#log-format %^:"%FT%T+%^",%^,%^:"%b",%^:%T,%^,%^,%^:"%v",%^:"%U",%^,%^:"%m",%^,%^,%^:"%R",%^:"%u",%^,%^:"%h",%^:"%s"%^
#log-format %^:"%FT%T+%^",%^,%^:%b,%^:%T,%^,%^,%^:"%v",%^:"%U",%^,%^:"%m",%^,%^,%^:"%R",%^:"%u",%^,%^:"%h",%^:"%s"%^

log-format %^:"%dT%t+%^",%^,%^:%b,%^:%T,%^,%^,%^:"%v",%^:"%U",%^,%^:"%m",%^,%^,%^:"%R",%^:"%u",%^,%^:"%h",%^:"%s"%^

#log-format %^:"%F%^%T%^"%^:%^:"%b"%^:%T%^:%^:%^:"%v":%^:%^:"%U"%^:"%m"%^:%^:%^:"~h"%^:%^:%^:%^:"%h"%^:"%s"%^

# Common Log Format (CLF) with Virtual Host
#
#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b

# W3C
#
#log-format %d %t %h %^ %^ %^ %^ %r %^ %s %b %^ %^ %u %R

# AWS | Amazon CloudFront (Download Distribution)
#
#log-format %d\t%t\t%^\t%b\t%h\t%m\t%^\t%r\t%s\t%R\t%u\t%^

# AWS | Elastic Load Balancing
#
#log-format %dT%t.%^ %^ %h:%^ %^ %T %^ %^ %^ %s %^ %b "%r" "%u"

# Google Cloud Storage
#
#log-format "%x","%h",%^,%^,"%m","%U","%s",%^,"%b","%D",%^,"%R","%u"

# Squid native log format
#
#log-format %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U

# Virtualmin Log Format with Virtual Host
#
#log-format %h %^ %v %^[%d:%t %^] "%r" %s %b "%R" "%u"

# In addition to specifying the raw log/date/time formats, for
# simplicity, any of the following predefined log format names can be
# supplied to the log/date/time-format variables. GoAccess  can  also
# handle  one  predefined name in one variable and another predefined
# name in another variable.
#
#log-format COMBINED
#log-format VCOMBINED
#log-format COMMON
#log-format VCOMMON
#log-format W3C
#log-format SQUID
#log-format CLOUDFRONT
#log-format CLOUDSTORAGE
#log-format AWSELB

######################################
# UI Options
######################################

# Choose among color schemes
# 1 : Monochrome
# 2 : Green
# 3 : Monokai (if 256-colors supported)
#
#color-scheme 3

# Prompt log/date configuration window on program start.
#
config-dialog false

# Color highlight active panel.
#
hl-header true

# Specify a custom CSS file in the HTML report.
#
#html-custom-css /path/file.css

# Specify a custom JS file in the HTML report.
#
#html-custom-js /path/file.js

# Set HTML report page title and header.
#
#html-report-title My Awesome Web Stats

# Format JSON output using tabs and newlines.
#
json-pretty-print false

# Turn off colored output. This is the  default output on
# terminals that do not support colors.
# true  : for no color output
# false : use color-scheme
#
no-color false

# Don't write column names in the terminal output. By default, it displays
# column names for each available metric in every panel.
#
no-column-names false

# Disable summary metrics on the CSV output.
#
no-csv-summary false

# Disable progress metrics.
#
no-progress false

# Disable scrolling through panels on TAB.
#
no-tab-scroll false

# Enable mouse support on main dashboard.
#
with-mouse false

# Maximum number of items to show per panel.
# Note: Only the CSV and JSON outputs allow a maximum greater than the
# default value of 366.
#
#max-items 366

# Custom colors for the terminal output
# Tailor GoAccess to suit your own tastes.
#
# Color Syntax:
# DEFINITION space/tab colorFG#:colorBG# [[attributes,] PANEL]
#
# FG# = foreground color number [-1...255] (-1 = default terminal color)
# BG# = background color number [-1...255] (-1 = default terminal color)
#
# Optionally:
#
# It is possible to apply color attributes, such as:
# bold,underline,normal,reverse,blink.
# Multiple attributes are comma separated
#
# If desired, it is possible to apply custom colors per panel, that is, a
# metric in the REQUESTS panel can be of color A, while the same metric in the
# BROWSERS panel can be of color B.
#
# The following is a 256 color scheme (hybrid palette)
#
#color COLOR_MTRC_HITS     color110:color-1
#color COLOR_MTRC_VISITORS color173:color-1
#color COLOR_MTRC_DATA     color221:color-1
#color COLOR_MTRC_BW       color167:color-1
#color COLOR_MTRC_AVGTS    color143:color-1
#color COLOR_MTRC_CUMTS    color247:color-1
#color COLOR_MTRC_MAXTS    color186:color-1
#color COLOR_MTRC_PROT     color109:color-1
#color COLOR_MTRC_MTHD     color139:color-1
#color COLOR_MTRC_PERC     color186:color-1
#color COLOR_MTRC_PERC_MAX color139:color-1
#color COLOR_MTRC_PERC_MAX color139:color-1 VISITORS
#color COLOR_MTRC_PERC_MAX color139:color-1 OS
#color COLOR_MTRC_PERC_MAX color139:color-1 BROWSERS
#color COLOR_MTRC_PERC_MAX color139:color-1 VISIT_TIMES
#color COLOR_PANEL_COLS    color243:color-1
#color COLOR_BARS          color250:color-1
#color COLOR_ERROR         color231:color167
#color COLOR_SELECTED      color7:color167
#color COLOR_PANEL_ACTIVE  color7:color237
#color COLOR_PANEL_HEADER  color250:color235
#color COLOR_PANEL_DESC    color242:color-1
#color COLOR_OVERALL_LBLS  color243:color-1
#color COLOR_OVERALL_VALS  color167:color-1
#color COLOR_OVERALL_PATH  color186:color-1
#color COLOR_ACTIVE_LABEL  color139:color235 bold underline
#color COLOR_BG            color250:color-1
#color COLOR_DEFAULT       color243:color-1
#color COLOR_PROGRESS      color7:color110

######################################
# Server Options
######################################

# Specify IP address to bind server to.
#
#addr 0.0.0.0

# Ensure clients send the specified origin header upon the WebSocket
# handshake.
#
#origin http://example.org

# The port to which the connection is being attempted to connect.
# By default GoAccess' WebSocket server listens on port 7890
# See man page or http://gwsocket.io for details.
#
#port 7890

# Enable real-time HTML output.
#
#real-time-html true

# URL to which the WebSocket server responds. This is the URL supplied
# to the WebSocket constructor on the client side.
#
# If GoAccess is running behind a proxy, you could set the client side
# to connect to a different port by specifying the host followed by a
# colon and the port.
# e.g., ws-url goaccess.io:9999
#
# By default, it will attempt to connect to localhost. If GoAccess is
# running on a remote server, the host of the remote server should be
# specified here. Also, make sure it is a valid host and NOT an http
# address.
#
#ws-url goaccess.io

######################################
# File Options
######################################

# Specify the path to the input log file. If set, it will take
# priority over -f from the command line.
#
#log-file /var/log/apache2/access.log

# Send all debug messages to the specified file.
#
#debug-file debug.log

# Specify a custom configuration file to use. If set, it will take
# priority over the global configuration file (if any).
#
#config-file <filename>

# Log invalid requests to the specified file.
#
#invalid-requests <filename>

# Do not load the global configuration file.
#
#no-global-config false

######################################
# Parse Options
######################################

# Enable a list of user-agents by host. For faster parsing, do not
# enable this flag.
#
agent-list false

#  Enable IP resolver on HTML|JSON output.
#
with-output-resolver false

# Exclude an IPv4 or IPv6 from being counted.
# Ranges can be included as well using a dash in between
# the IPs (start-end).
#
#exclude-ip 127.0.0.1
#exclude-ip 192.168.0.1-192.168.0.100
#exclude-ip ::1
#exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808

# Include HTTP request method if found. This will create a
# request key containing the request method + the actual request.
#
# <yes|no> [default: yes]
#
http-method yes

# Include HTTP request protocol if found. This will create a
# request key containing the request protocol + the actual request.
#
# <yes|no> [default: yes]
#
http-protocol no

# Write  output to stdout given one of the following files and the
# corresponding extension for the output format:
#
# /path/file.csv  - Comma-separated values (CSV)
# /path/file.json - JSON (JavaScript Object Notation)
# /path/file.html - HTML
#
#output-format /path/file.html

# Ignore request's query string.
# i.e.,  www.google.com/page.htm?query => www.google.com/page.htm
#
# Note: Removing the query string can greatly decrease memory
# consumption, especially on timestamped requests.
#
no-query-string false

# Disable IP resolver on terminal output.
#
no-term-resolver false

# Treat non-standard status code 444 as 404.
#
444-as-404 false

# Add 4xx client errors to the unique visitors count.
#
4xx-to-unique-count false

# Include static files that contain a query string in the static files
# panel.
# e.g., /fonts/fontawesome-webfont.woff?v=4.0.3
#
all-static-files false

# Date specificity. Possible values: `date` (default), or `hr`.
#
#date-spec hr

# Decode double-encoded values.
#
double-decode false

# Enable parsing/displaying the given panel.
#
#enable-panel VISITORS
#enable-panel REQUESTS
#enable-panel REQUESTS_STATIC
#enable-panel NOT_FOUND
#enable-panel HOSTS
#enable-panel OS
#enable-panel BROWSERS
#enable-panel VISIT_TIMES
#enable-panel VIRTUAL_HOSTS
#enable-panel REFERRERS
#enable-panel REFERRING_SITES
#enable-panel KEYPHRASES
#enable-panel GEO_LOCATION
#enable-panel STATUS_CODES

# Hour specificity. Possible values: `hr` (default), or `min` (tenth
# of a minute).
#
#hour-spec min

# Ignore crawlers from being counted.
# This will ignore robots listed under browsers.c
# Note that it will count them towards the total
# number of requests, but excluded from any of the panels.
#
ignore-crawlers false

# Ignore parsing and displaying the given panel.
#
#ignore-panel VISITORS
#ignore-panel REQUESTS
#ignore-panel REQUESTS_STATIC
#ignore-panel NOT_FOUND
#ignore-panel HOSTS
#ignore-panel OS
#ignore-panel BROWSERS
#ignore-panel VISIT_TIMES
#ignore-panel VIRTUAL_HOSTS
ignore-panel REFERRERS
#ignore-panel REFERRING_SITES
ignore-panel KEYPHRASES
#ignore-panel GEO_LOCATION
#ignore-panel STATUS_CODES

# Ignore referers from being counted.
# This supports wild cards. For instance,
# '*' matches 0 or more characters (including spaces)
# '?' matches exactly one character
#
#ignore-referer *.domain.com
#ignore-referer ww?.domain.*

# Ignore parsing and displaying one or multiple status code(s)
#
#ignore-status 400
#ignore-status 502

# Display real OS names. e.g, Windows XP, Snow Leopard.
#
real-os true

# Sort panel on initial load.
# Sort options are separated by comma.
# Options are in the form: PANEL,METRIC,ORDER
#
# Available metrics:
#  BY_HITS     - Sort by hits
#  BY_VISITORS - Sort by unique visitors
#  BY_DATA     - Sort by data
#  BY_BW       - Sort by bandwidth
#  BY_AVGTS    - Sort by average time served
#  BY_CUMTS    - Sort by cumulative time served
#  BY_MAXTS    - Sort by maximum time served
#  BY_PROT     - Sort by http protocol
#  BY_MTHD     - Sort by http method
# Available orders:
#  ASC
#  DESC
#
#sort-panel VISITORS,BY_DATA,ASC
#sort-panel REQUESTS,BY_HITS,ASC
#sort-panel REQUESTS_STATIC,BY_HITS,ASC
#sort-panel NOT_FOUND,BY_HITS,ASC
#sort-panel HOSTS,BY_HITS,ASC
#sort-panel OS,BY_HITS,ASC
#sort-panel BROWSERS,BY_HITS,ASC
#sort-panel VISIT_TIMES,BY_DATA,DESC
#sort-panel VIRTUAL_HOSTS,BY_HITS,ASC
#sort-panel REFERRERS,BY_HITS,ASC
#sort-panel REFERRING_SITES,BY_HITS,ASC
#sort-panel KEYPHRASES,BY_HITS,ASC
#sort-panel GEO_LOCATION,BY_HITS,ASC
#sort-panel STATUS_CODES,BY_HITS,ASC

# Consider the following extensions as static files
# The actual '.' is required and extensions are case sensitive
# For a full list, uncomment the less common static extensions below.
#
static-file .css
static-file .js
static-file .jpg
static-file .png
static-file .gif
static-file .ico
static-file .jpeg
static-file .pdf
static-file .txt
static-file .csv
static-file .zip
static-file .mp3
static-file .mp4
static-file .mpeg
static-file .mpg
static-file .exe
static-file .swf
static-file .woff
static-file .woff2
static-file .xls
static-file .xlsx
static-file .doc
static-file .docx
static-file .ppt
static-file .pptx
static-file .iso
static-file .gz
static-file .rar
static-file .svg
static-file .bmp
static-file .tar
static-file .tgz
static-file .tiff
static-file .tif
static-file .ttf
static-file .flv
#static-file .less
#static-file .ac3
#static-file .avi
#static-file .bz2
#static-file .class
#static-file .cue
#static-file .dae
#static-file .dat
#static-file .dts
#static-file .ejs
#static-file .eot
#static-file .eps
#static-file .img
#static-file .jar
#static-file .map
#static-file .mid
#static-file .midi
#static-file .mkv
#static-file .odp
#static-file .ods
#static-file .odt
#static-file .ogg
#static-file .otf
#static-file .pict
#static-file .pls
#static-file .ps
#static-file .qt
#static-file .rm
#static-file .svgz
#static-file .wav
#static-file .webp

######################################
# GeoIP Options
# Only if configured with --enable-geoip
######################################

# Standard GeoIP database for less memory usage.
#
#std-geoip false

# Specify path to GeoIP database file. i.e., GeoLiteCity.dat
# .dat file needs to be downloaded from maxmind.com.
#
# For IPv4 City database:
# wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip GeoLiteCity.dat.gz
#
# For IPv6 City database:
# wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
# gunzip GeoLiteCityv6.dat.gz
#
# For IPv6 Country database:
# wget -N http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz
# gunzip GeoIPv6.dat.gz
#
# Note: `geoip-city-data` is an alias of `geoip-database`
#
#geoip-database /usr/local/share/GeoIP/GeoLiteCity.dat

######################################
# Tokyo Cabinet Options
# Only if configured with --enable-tcb=btree
######################################

# GoAccess has the ability to process logs incrementally through the on-disk
# B+Tree database.
#
# It works in the following way:
# - A data set must be persisted first with --keep-db-files, then the same data
#   set can be loaded with --load-from-disk.
# - If new data is passed (piped or through a log file), it will append it to
#   the original data set.
# - To preserve the data at all times, --keep-db-files must be used.
# - If --load-from-disk is used without --keep-db-files, database files will be
#   deleted upon closing the program.

# On-disk B+ Tree
# Persist parsed data into disk. This should be set to
# the first dataset prior to use `load-from-disk`.
# Setting it to false will delete all database files
# when exiting the program.
#keep-db-files true

# On-disk B+ Tree
# Load previously stored data from disk.
# Database files need to exist. See `keep-db-files`.
#load-from-disk false

# On-disk B+ Tree
# Path where the on-disk database files are stored.
# The default value is the /tmp directory.
#
#db-path /tmp

# On-disk B+ Tree
# Set the size in bytes of the extra mapped memory.
# The default value is 0.
#
#xmmap 0

# On-disk B+ Tree
# Max number of leaf nodes to be cached.
# Specifies the maximum number of leaf nodes to be cached.
# If it is not more than 0, the default value is specified.
# The default value is 1024.
#
#cache-lcnum 1024

# On-disk B+ Tree
# Specifies the maximum number of non-leaf nodes to be cached.
# If it is not more than 0, the default value is specified.
# The default value is 512.
#
#cache-ncnum 512

# On-disk B+ Tree
# Specifies the number of members in each leaf page.
# If it is not more than 0, the default value is specified.
# The default value is 128.
#
#tune-lmemb 128

# On-disk B+ Tree
# Specifies the number of members in each non-leaf page.
# If it is not more than 0, the default value is specified.
# The default value is 256.
#
#tune-nmemb 256

# On-disk B+ Tree
# Specifies the number of elements of the bucket array.
# If it is not more than 0, the default value is specified.
# The default value is 32749.
# Suggested size of the bucket array is about from 1 to 4
# times of the number of all pages to be stored.
#
#tune-bnum 32749

# On-disk B+ Tree
# Specifies that each page is compressed with ZLIB|BZ2 encoding.
# Disabled by default.
#
#compression zlib

The content of acces.log is:

{"@timestamp":"2017-04-30T14:05:35+00:00","host":"172.20.2.123","size":22293,"responsetime":0.074,"upstreamtime":"0.074","upstreamhost":"127.0.0.1:9000","http_host":"myhost","uri":"/index.php","request_uri":"/songs?page=2&is_new_user=false","request_method":"GET","country":"br","user_agent":"Android/4.2.2/google play/351876063526758/WIFI","xff":"179.178.166.246","referer":"-","agent":Android/4.2.2/google play/351876063526758/WIFI","remote_addr":"172.20.2.217","clientip":"179.178.166.246","status":"200"}

[allinurl]

@howardking please try with the latest version of goaccess.

[howardking]

@allinurl Thx, it works.