I have Apache logs to index, but i would like to extract more information after groking the logs. One log line is like this :
\ 10.23.252.66 - - [26/Mar/2018:01:54:40 +0200] "GET /AppName/services/rest/supervision/supervise HTTP/1.1" 200 2026 "-" "check_http/v2.2.1 (nagios-plugins 2.2.1)" </>
I use this grok pattern and it's working :
\ grok {
match => [
"message", "%{COMMONAPACHELOG}( (?:%{QS:referrer}) (?:%{QS:agent}))?"
]
}
But i want to extract the AppName from the field %{request}. How to do it?