Error with parsing apache access log having @ symbol in auth filed using grok filter:- COMBINEDAPACHELOG

(tushar) #1

unable to parse:- - [28/Jan/2016:06:19:22 -0600] "PROPFIND /sssssss/ssssssss.php/ssssssss/ HTTP/1.1" 207 290 "-" "Mozilla/5.0 (Macintosh) mirall/1.8.1"

but if we remove @ from it works.

(Magnus B├Ąck) #2

This is addressed in PR #106 which is still open. With a sufficiently new logstash-patterns-core (2.0.0 or later) you can just copy the new definition of COMBINEDAPACHELOG into your grok filter (or put it in a separate patterns file under a new name).

(tushar) #3

Thank you for your guidance .

(system) #4