Error with parsing apache access log having @ symbol in auth filed using grok filter:- COMBINEDAPACHELOG


(tushar) #1

unable to parse:-

8.8.8.8 - abc.def@example.com [28/Jan/2016:06:19:22 -0600] "PROPFIND /sssssss/ssssssss.php/ssssssss/ HTTP/1.1" 207 290 "-" "Mozilla/5.0 (Macintosh) mirall/1.8.1"

but if we remove @ from abc.def@example.com it works.


(Magnus B├Ąck) #2

This is addressed in PR #106 which is still open. With a sufficiently new logstash-patterns-core (2.0.0 or later) you can just copy the new definition of COMBINEDAPACHELOG into your grok filter (or put it in a separate patterns file under a new name).


(tushar) #3

Thank you for your guidance .


(system) #4