Hello All,
I have an Apache log where the clientip field will occasionally be just "." rather than a IP address or hostname. This is causing the HOSTNAME pattern to fail and the grok to fail to parse the message. So my question is how to modify HOSTNAME pattern to allow a '.' as well as an IP address or hostname. I tried simply adding it to the character class, e.g.
HOSTNAME \b(?:[.0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
but that doesn't seem to match.
Thanks!
--john