Hey all, i have a question with regards to the grok filter,
so i have different types log formats in my nginx-access.log and i want to parse them out seperately, in my kibana, i did try adding the optional fields but they did not work properly, i could add a second grok expression but i dont know how to set the conditions so as it will select the correct grok expression when needed. can any one suggest me on how to set these filters? I hope i made myself clear.
my two log examples are something like this:
a. 0.0.0.0 0.0.0.0 - - [06/Jun/2019:13:38:24 +0000] "GET /homepage/v1?HTTP/1.0" 200 25853 "test.com" "https://test.com/homepage" "useragent" "-" - 0.05 0.24
b. 0.0.0.0 0.0.0.0 - - [06/Jun/2019:13:38:24 +0000] "GET /customersupport/form/v1?submission=yes&repeat=no&id=123?HTTP/1.0" 200 25853 "test.com" "https://test.com/homepage" "useragent" "-" - 0.05 0.24
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.