Home
Uptime monitoring Observability Real User Monitoring Incident response Integrations & API Explore the platform →
Pricing
Uptime Calculator Cron Expression Builder HTTP Status Codes All free tools
Platform Blog About Contact FAQ
Sign in Start free
Log Parsers

Raw log lines,
structured fields.

Define parsing rules — grok-like patterns and named regex groups — that extract queryable fields from any unstructured log format at ingest time, before a single event touches the explorer.

Start free See pricing
Free tier included No credit card 2-minute setup
app.siteqwality.com / parsers / nginx-access
nginx-access · parser ActiveLIVE
FIELDS EXTRACTED9
EVENTS/S2,140
MATCH RATE99.7%
methodGET / POST
path/api/v2/...
status200 / 404
bytes1,024–88k
duration_ms12–820ms
What you get

Structured data from day one.

Every log line your application emits can become a set of named, typed fields before it lands in the explorer. Once a parser is active, those fields appear as facets automatically — no schema migrations, no re-indexing.

Grok-like pattern matching

Write patterns with named capture groups in a grok-compatible syntax — common formats like Apache, nginx, and syslog are available as built-in templates.

Regex with named groups

For anything without a template, write a standard regex with named capture groups; each group maps directly to a searchable field in the log explorer.

Real-time test sandbox

Paste a sample log line and see extracted fields appear instantly as you edit the pattern — no deploy cycle, no guesswork about whether the rule works.

Multiple parsers per source

Attach more than one parser to a log source to handle mixed formats — for example, JSON application logs and plaintext access logs from the same service.

Applied at ingest, not at query

Parsing happens when the event arrives, so the explorer indexes extracted fields immediately and every subsequent query benefits without any backfill.

Edit rules without re-ingesting

Update or replace a parser rule in seconds; new events use the updated rule while older events retain their original parsed fields.

01 · Instant feedback loop

Write the rule, see
the fields immediately.

The parser editor runs your pattern against a sample log line on every keystroke. Matched fields appear in a live preview table — you know the rule is correct before you ever save it, and iterate in seconds rather than waiting for a pipeline restart.

  • Live preview shows matched fields and types as you type
  • Test multiple sample lines to cover edge cases
  • Save the rule and activate it in a single click
app.siteqwality.com / parsers / haproxy-access
haproxy-access · parser ActiveLIVE
FIELDS EXTRACTED11
MATCH RATE100%
EVENTS/S4,820
client_ip10.0.x.x
frontendpublic-https
backendapi-prod
status_code200ms
bytes_read4,096
02 · Patterns as code

Define rules once,
apply everywhere.

Parser rules are stored as first-class resources you can export, version, and manage via the API. Apply the same parser to multiple log sources, share patterns across environments, and keep your parsing configuration in source control alongside the rest of your infrastructure.

  • Create and update parsers via the REST API
  • Apply one parser rule to many log sources at once
  • Export and version-control rules alongside your infra
nginx access log parser# grok-compatible pattern
pattern: %{IP:client_ip} - - \[%{HTTPDATE:ts}\]
"%{WORD:method} %{URIPATHPARAM:path}
HTTP/%{NUMBER:http_version}"
%{NUMBER:status:int} %{NUMBER:bytes:int}
"%{DATA:referrer}" "%{DATA:user_agent}"
-- 9 fields extracted · match rate 99.7%
0ms

added to query latency — parsing is at ingest

9+

built-in templates for common log formats

100%

of extracted fields become searchable facets

$0

free tier — start without a credit card

FAQ

Questions, answered.

Not necessarily. Built-in templates cover nginx, Apache, HAProxy, syslog, and other common formats — select one and it's ready to go. For custom formats a regex with named capture groups is all that's needed.

At ingest time, before the event is indexed. This means extracted fields are immediately available as facets and filter targets in the log explorer without any re-processing step.

Non-matching lines are still stored and searchable via full-text search. Only the structured field extraction is skipped. You can monitor the match rate in the parser detail view and refine the pattern accordingly.

Yes. A parser is a reusable rule that you attach to one or more log sources. Update the rule once and all attached sources use the new pattern for subsequent events.

Yes. Every parser operation — create, update, delete, list — is available through the REST API, making it straightforward to manage parsing configuration as part of your infrastructure-as-code workflow.

More of the platform

Explore the rest of the platform

Log Management Search, filter and stream logs in real time.Metrics Explorer Query time-series metrics like a database.Distributed Tracing Follow one request across every service it touches.Error Tracking Group front-end errors with full stack traces.Incident Management Declare, track and resolve incidents in one timeline.Webhooks JSON payloads to any endpoint you control.
Ready?

Start watching in under a minute.

Every product starts free — uptime, cron, synthetic, logs, RUM, incidents, and status pages. No credit card required.

Start free See pricing