Apache config

Hi, I have an Apache log string like this:

apache www.wol.it.access_log_ip-10-0-6-24_i-060f9005e487ea3 15.28.95.25, 10.0.7.17, 10.0.7.17 - - [17/Jul/2017:10:29:53 +0200] "GET /privat/mobile/assist/?source=600000&ns=0&gclid=Cj0KCQjwLHLRDEAIsAN11Q4Mv4HUsKSO8ZfZvhXU_mY8LCyEmZAIjCLjKcQVwcp8e_bkaAlGGEALw_wcB&dclid=CJzzy5_zj9UCFYWIdwodxpsNvA HTTP/1.1" 200 119969 "https://www.google.it/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.01.15 Safari/537.36" "-" "-" "50183" "1140281" "www.wol.it"

How can I match this string?
In Filebeat I have these config files:
- filebeat.yml
- filebeat.template.json
- filebeat.template-es2x.json
Thanks for the reply

Hi @erion,

I would recommend using the Apache module; have a look at the tutorial.

Hi @exekias, what do you think about this filebeat.template-es2x.json config on Git? (https://github.com/Icinga/icingabeat/blob/master/vendor/github.com/elastic/beats/filebeat/filebeat.template-es2x.json)
What I'll change is all ignore above deleted and some fields change type to keyword. It can found?
Or is your way better?
Thanks for the reply

Hi @exekias, unfortunately my Elasticsearch provider does not accept extra plugins like ingest-geoip. That is needed to install the Apache module. Do you have another suggestion?
I see this image in the Filebeat getting started guide. How can I configure this grok filter?


Thanks for the reply
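
For readers working out the field layout of the log line in the question, here is an added example (not code from any participant in this thread or from Filebeat) that parses it with a regular expression whose named groups are the fields a grok pattern would need to capture. It assumes the leading address list is an X-Forwarded-For chain and that 10.0.0.0/8 hops are your own proxies; the trailing quoted fields are kept as an unnamed list because the thread does not say what they mean, and all function and field names are hypothetical.

```python
import ipaddress
import re

def q(name):
    # Quoted field; Apache writes embedded quotes as \" so allow backslash escapes.
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

LINE_RE = re.compile(
    r'^(?P<prefix>\S+ \S+) '                               # "apache <logfile name>"
    r'(?P<ip_chain>[0-9A-Fa-f.:]+(?:, [0-9A-Fa-f.:]+)*) '  # assumed X-Forwarded-For chain
    r'(?P<ident>\S+) (?P<user>\S+) \[(?P<timestamp>[^\]]+)\] '
    + q('request') + r' (?P<status>\d{3}) (?P<bytes>\d+|-) '
    + q('referrer') + ' ' + q('agent')
    + r'(?P<extra>(?: "(?:[^"\\]|\\.)*")*)$'               # trailing fields, meaning unknown
)

TRUSTED_PROXIES = [ipaddress.ip_network('10.0.0.0/8')]  # assumption: your own proxies

def client_ip(chain):
    """Return the rightmost hop that is not a trusted proxy (entries left of it can be forged)."""
    hops = [ipaddress.ip_address(h.strip()) for h in chain.split(',')]
    for hop in reversed(hops):
        if not any(hop in net for net in TRUSTED_PROXIES):
            return str(hop)
    return str(hops[0])  # every hop is internal: report the originating one

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    try:
        event['client_ip'] = client_ip(event['ip_chain'])
    except ValueError:  # e.g. "999.1.1.1" passes the regex but is not an address
        return None
    event['status'] = int(event['status'])
    event['bytes'] = 0 if event['bytes'] == '-' else int(event['bytes'])
    event['extra'] = re.findall(r'"((?:[^"\\]|\\.)*)"', event['extra'])
    parts = event['request'].split(' ')
    if len(parts) == 3:  # leave malformed request lines unsplit
        event['method'], event['path'], event['protocol'] = parts
    return event

# Constructed sample: the line from the question with query string and user agent shortened.
SAMPLE = ('apache www.wol.it.access_log_ip-10-0-6-24_i-060f9005e487ea3 15.28.95.25, 10.0.7.17, '
          '10.0.7.17 - - [17/Jul/2017:10:29:53 +0200] "GET /privat/mobile/assist/?source=600000 '
          'HTTP/1.1" 200 119969 "https://www.google.it/" "Mozilla/5.0 (Windows NT 6.1)" '
          '"-" "-" "50183" "1140281" "www.wol.it"')
```

`parse_line(SAMPLE)` returns a dict whose `client_ip` is the first non-proxy hop counted from the right, which is the address to use for geolocation or rate limiting rather than the leftmost entry.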
