Developer Tools

Access Log Parser

Paste Apache or NGINX access logs and get a structured breakdown with status codes, top IPs, top paths, user agents, and CSV or JSON export.

Paste access log lines

127.0.0.1 - - [18/Jun/2026:10:14:02 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15"
203.0.113.42 - - [18/Jun/2026:10:14:04 +0000] "GET /api/users/123 HTTP/1.1" 200 512 "https://app.example.com/dashboard" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
198.51.100.7 - - [18/Jun/2026:10:14:05 +0000] "POST /login HTTP/1.1" 302 0 "https://www.example.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
198.51.100.7 - alice [18/Jun/2026:10:14:06 +0000] "GET /dashboard HTTP/1.1" 200 14721 "https://www.example.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
66.249.66.1 - - [18/Jun/2026:10:14:07 +0000] "GET /robots.txt HTTP/1.1" 200 220 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.8 - - [18/Jun/2026:10:14:08 +0000] "GET /missing HTTP/1.1" 404 162 "-" "curl/8.6.0"
203.0.113.42 - - [18/Jun/2026:10:14:09 +0000] "GET /api/users/456 HTTP/1.1" 200 487 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
2001:db8::42 - - [18/Jun/2026:10:14:11 +0000] "GET /pricing HTTP/1.1" 200 8432 "https://www.example.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1"
203.0.113.42 - - [18/Jun/2026:10:14:13 +0000] "GET /api/health HTTP/1.1" 500 76 "-" "checkly/1.0"
198.51.100.7 - alice [18/Jun/2026:10:14:15 +0000] "GET /pricing HTTP/1.1" 304 0 "https://www.example.com/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"

One log line per row. Supports Apache Combined, Apache Common Log (CLF), NGINX combined, and a custom LogFormat string. Parsing runs in your browser; nothing is uploaded.

Log format

Try Apache Combined, NGINX combined, then Common Log Format on each line.

Total lines

Parsed

Parse errors

Unique IPs

Unique status codes

Total bytes

26.3 KB

26,936 bytes

Average response size

2.63 KB

2,694 bytes

Time range

Jun 18, 2026, 10:14:02 UTC to Jun 18, 2026, 10:14:15 UTC

2026-06-18T10:14:02.000Z 2026-06-18T10:14:15.000Z

Status class distribution

1xx Informational

2xx Success

3xx Redirect

4xx Client error

5xx Server error

Other / unparsed

Top status codes

Status	Count
200	6
302	1
304	1
404	1
500	1

Top IPs

IP	Count
198.51.100.7	3
203.0.113.42	3
127.0.0.1	1
198.51.100.8	1
2001:db8::42	1
66.249.66.1	1

Top paths

Path	Count
/pricing	2
/api/health	1
/api/users/123	1
/api/users/456	1
/dashboard	1
/index.html	1
/login	1
/missing	1
/robots.txt	1

Top methods

Method	Count
GET	9
POST	1

User-agent breakdown

Family	Count
Edge	3
Chrome	2
Safari	2
curl	1
Googlebot	1
Other	1

Parsed lines (showing 10 of 10)

#	IP	Time	Method	Path	Status	Bytes	UA
1	127.0.0.1	2026-06-18T10:14:02.000Z	GET	/index.html	200	2,326	Safari
2	203.0.113.42	2026-06-18T10:14:04.000Z	GET	/api/users/123	200	512	Chrome
3	198.51.100.7	2026-06-18T10:14:05.000Z	POST	/login	302	0	Edge
4	198.51.100.7	2026-06-18T10:14:06.000Z	GET	/dashboard	200	14,721	Edge
5	66.249.66.1	2026-06-18T10:14:07.000Z	GET	/robots.txt	200	220	Googlebot
6	198.51.100.8	2026-06-18T10:14:08.000Z	GET	/missing	404	162	curl
7	203.0.113.42	2026-06-18T10:14:09.000Z	GET	/api/users/456	200	487	Chrome
8	2001:db8::42	2026-06-18T10:14:11.000Z	GET	/pricing	200	8,432	Safari
9	203.0.113.42	2026-06-18T10:14:13.000Z	GET	/api/health	500	76	Other
10	198.51.100.7	2026-06-18T10:14:15.000Z	GET	/pricing	304	0	Edge

Format directives

%h client IP / $remote_addr
%u authenticated user / $remote_user
[%t] request time in CLF format / [$time_local]
"%r" request line (method, path, protocol) / "$request"
%>s final HTTP status / $status
%b response bytes / $body_bytes_sent
"%{Referer}i" and "%{User-Agent}i" request headers

What to watch for

Bursts of 4xx status codes can indicate broken links, scrapers, or login probing.
A growing share of 5xx status codes points at upstream failures or capacity problems.
A handful of IPs serving most of the traffic often means a bot or CDN warming the cache. Cross-check the user agent.
An empty referer column for browser traffic is normal for typed URLs and bookmarks; it is suspicious for deep-link API calls.

How to use

Paste log lines into the input box, or click Load sample log to see how Apache Combined output renders.
Pick a log format: Auto-detect handles mixed Apache and NGINX combined logs, or choose Apache Common, Apache Combined, or NGINX combined explicitly.
If your server uses a custom LogFormat, choose Custom and paste the format string (for example, $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent").
Review the summary cards for total bytes, status class distribution, and time range, and scan the top tables for the IPs, paths, and user-agent families generating the traffic.
Copy the parsed rows as CSV or JSON to move them into a spreadsheet or notebook. Lines that fail to match are listed at the bottom with the reason so you can adjust the format.

About this tool

Access Log Parser turns raw web server logs into a structured, searchable view in your browser. It speaks the formats that ship out of the box with Apache and NGINX: the Common Log Format (%h %l %u %t "%r" %>s %b), the Combined Log Format that adds Referer and User-Agent, and the NGINX combined preset built from $remote_addr, $time_local, $request, $status, $body_bytes_sent, $http_referer, and $http_user_agent. Auto-detect runs Combined, NGINX, and CLF against each line so a mixed paste does not need pre-sorting. Custom mode compiles a subset of Apache LogFormat and NGINX log_format directives (including %{Referer}i, %{User-Agent}i, %>s, %b, %D, $body_bytes_sent, and friends) into a regex on the fly, so you can paste the exact LogFormat string from your httpd.conf or nginx.conf and parse whatever it produces. Each parsed row exposes the client IP, the ident and authenticated user fields, the original CLF timestamp plus a normalized ISO UTC timestamp, the request method, path, and protocol, the HTTP status code (color coded by class), the response size in bytes, the referer, and the user agent (with a built-in family bucket that recognizes Chrome, Edge, Safari, Firefox, curl, Googlebot, Bingbot, and other common crawlers). On top of the per-row table sits a fleet-wide summary: total lines, parsed count, parse errors, unique IPs, unique status codes, total bytes served, average response size, the parsed time window, a status class distribution across 1xx, 2xx, 3xx, 4xx, 5xx, and the top status codes, IPs, paths, methods, and user-agent families across the whole input. The parsed rows export as JSON or CSV with a single click so the same data can move into a spreadsheet, a notebook, or a follow-up SIEM query. Useful when grep is not enough: triaging a traffic spike, hunting for the path that is generating 5xx errors, spotting the IP behind a 4xx flood, finding the user agent that hammers an endpoint, or just turning a confusing log paste into a clean table. Nothing is uploaded; parsing runs entirely on the device.

Free to use. Works in your browser. No signup, no login.

Related tools

Access Log Parser

How to use

About this tool

You may also like

Nginx Config Generator

User Agent Parser

HTTP Status Codes

URL Parser

HAR File Viewer

CSP Analyzer

Access Log Parser