Decode URL Query After use KV Filter

gholeh89 · September 22, 2019, 11:53am

Hi,
I am new to Logstash and my case need get all logs from s3 cloudfront logs format the problem when using decode filter plugin this my code

Blockquote
input {

  s3 {
	bucket => "test"
	access_key_id => "test"
	secret_access_key => "test"

}

}

filter {

 csv {
  separator => " "
  columns => ["date", "time", "x-edge-location", "sc-bytes", "c-ip", "cs-method", "cs(Host)", "cs-uri-stem", "sc-status", "cs(Referer)", "cs(User-Agent)", "cs-uri-query", "cs(Cookie)", "x-edge-result-type", "x-edge-request-id", "x-host-header", "cs-protocol", "cs-bytes", "time-taken", "x-forwarded-for", "ssl-protocol", "ssl-cipher", "x-edge-response-result-type", "cs-protocol-version", "fle-status", "fle-encrypted-fields"]
}

grok {
match => [ "message", "%{URIPARAM:cs-uri-query}" ]
}

kv {
    source => "cs-uri-query"
    field_split => "&"
  }

urldecode {
      charset => "UTF-8"
      field => "ue_px"
}


mutate
{
         remove_field => [ "message" ]
}

codec-cloudfront

}

output {

elasticsearch {

hosts => ["localhost:9200"]
index => "test"
document_type => "logs"

}
stdout { codec => rubydebug }

}

Blockquote

The ue_px field param from cs-uri-query and I need decode this param
any help

system · October 20, 2019, 12:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Urldecode useragent cloudfront Logstash	2	502	January 2, 2018
Can Logstash Base64 decode then parse json from a cloudfront log? Logstash	3	1048	September 2, 2021
Logstash kv filter questions Logstash	1	423	June 14, 2017
Logstasg KV Logstash	7	558	February 13, 2018
Logstash Filter help - Newbie question Logstash	6	315	February 17, 2022

Decode URL Query After use KV Filter

Related topics