Hi,
I am new to Logstash, and my case needs to get all logs from S3 in CloudFront log format. The problem is when using the decode filter plugin. This is my code:
```
input {
  s3 {
    bucket => "test"
    access_key_id => "test"
    secret_access_key => "test"
  }
}
filter {
  csv {
    separator => " "
    columns => ["date", "time", "x-edge-location", "sc-bytes", "c-ip", "cs-method", "cs(Host)", "cs-uri-stem", "sc-status", "cs(Referer)", "cs(User-Agent)", "cs-uri-query", "cs(Cookie)", "x-edge-result-type", "x-edge-request-id", "x-host-header", "cs-protocol", "cs-bytes", "time-taken", "x-forwarded-for", "ssl-protocol", "ssl-cipher", "x-edge-response-result-type", "cs-protocol-version", "fle-status", "fle-encrypted-fields"]
  }
  grok {
    match => [ "message", "%{URIPARAM:cs-uri-query}" ]
  }
  kv {
    source => "cs-uri-query"
    field_split => "&"
  }
  urldecode {
    charset => "UTF-8"
    field => "ue_px"
  }
  mutate {
    remove_field => [ "message" ]
  }
  codec-cloudfront
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "test"
    document_type => "logs"
  }
  stdout { codec => rubydebug }
}
```
The ue_px field is a param from cs-uri-query, and I need to decode this param.
Any help?
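
The stages the filter block above is meant to perform (split the log line into columns, split `cs-uri-query` on `&`, percent-decode `ue_px`), as an added Ruby example that is not part of the original post and is not Logstash plugin code. It assumes tab-separated CloudFront standard log lines; `parse_cloudfront_line`, `percent_decode`, the `params` and `ue_px_decoded` keys, and the sample line are constructed for illustration.

```ruby
# Column names taken from the csv filter in the post.
COLUMNS = %w[date time x-edge-location sc-bytes c-ip cs-method cs(Host)
             cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query
             cs(Cookie) x-edge-result-type x-edge-request-id x-host-header
             cs-protocol cs-bytes time-taken x-forwarded-for ssl-protocol
             ssl-cipher x-edge-response-result-type cs-protocol-version
             fle-status fle-encrypted-fields].freeze

# Percent-decode `value` `passes` times (hypothetical helper). Malformed
# escapes such as "%zz" are kept as-is; invalid UTF-8 bytes become "?".
def percent_decode(value, passes = 1)
  value = value.b
  passes.times do
    value = value.gsub(/%([0-9A-Fa-f]{2})/) { [$1.hex].pack("C") }
  end
  value.force_encoding("UTF-8").scrub("?")
end

# Parse one log line into a Hash; returns nil for blank lines and for the
# "#Version" / "#Fields" header lines at the top of each log file.
def parse_cloudfront_line(line)
  line = line.chomp
  return nil if line.empty? || line.start_with?("#")
  event = COLUMNS.zip(line.split("\t", -1)).to_h
  query = event["cs-uri-query"]
  params = {}
  unless query.nil? || query == "-" # "-" means the field had no value
    query.split("&").each do |pair|
      key, val = pair.split("=", 2)
      params[key] = val.to_s
    end
  end
  event["params"] = params
  event["ue_px_decoded"] = percent_decode(params["ue_px"]) if params.key?("ue_px")
  event
end

# Constructed sample input: one header line and one 26-field request line.
SAMPLE = [
  "#Version: 1.0",
  %w[2019-01-01 12:00:00 FRA2 420 192.0.2.10 GET d111.cloudfront.net /i 200
     - Mozilla/5.0 e=ue&ue_px=%7B%22id%22%3A%22caf%C3%A9%22%7D - Hit req-id-1
     d111.cloudfront.net https 300 0.002 - TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Hit HTTP/1.1 - -].join("\t")
].freeze

if __FILE__ == $0
  SAMPLE.each { |l| (e = parse_cloudfront_line(l)) && puts(e["ue_px_decoded"]) }
end
```

Pass `2` as the second argument to `percent_decode` only if the raw values in your own logs still contain `%25` sequences after one pass.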