Hi,
I used grok and the geoip filter to extract the data fields from the message, but I am unable to do so. So I even used the dissect filter, as all my logs have the same pattern, but I had no luck. How can I achieve this task? Please advise.
MY LOG:
2017-02-14T23:55:29.784176Z LCPROD-APACHE xxx.x6.x8.x6:xxx737 xxx.xx.xx.xx:443 0.000047 0.001386 0.000022 301 301 368 350 "POST https://xxx.com:443/autodiscover/autodiscover.xml HTTP/1.1" "Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7151; Pro)" xxxx-RSA-xxx128-SHA TLSv1
dissect {
  mapping => {
    # The log is space-separated, not comma-separated; the ip:port pairs are split on ":",
    # and the three quoted fields are matched by putting literal quotes around the placeholders.
    "message" => '%{request_timestamp} %{elb_name} %{request_ip}:%{request_port} %{backend_ip}:%{backend_port} %{request_processing_time} %{backend_processing_time} %{client_response_time} %{elb_response_code} %{backend_response_code} %{received_bytes} %{sent_bytes} "%{request_verb} %{url} %{protocol}" "%{user_agent}" %{ssl_cipher} %{ssl_protocol}'
  }
}
Thanks
Maheswari
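Added example, not part of the original post: a small Python parser that tokenizes this ELB-style access line the same way the corrected dissect mapping does (space-separated fields, three double-quoted fields, ip:port pairs split on ":"), using the field names from the post. The sample lines, host names and addresses are constructed placeholders; the handling of "-" for a request that never reached a backend and of "-1" timings is an assumption based on how ELB writes such lines, so check it against your own logs.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the same layout as the log in the post (addresses and
# host are placeholders, not real endpoints).
SAMPLE_LINE = (
    '2017-02-14T23:55:29.784176Z LCPROD-APACHE 10.0.0.6:53737 10.0.1.2:443 '
    '0.000047 0.001386 0.000022 301 301 368 350 '
    '"POST https://example.com:443/autodiscover/autodiscover.xml HTTP/1.1" '
    '"Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7151; Pro)" '
    'ECDHE-RSA-AES128-SHA TLSv1'
)

# Constructed edge case (assumed ELB behaviour): no backend reached, so the
# backend address is "-" and the timings are -1.
NO_BACKEND_LINE = (
    '2017-02-14T23:56:01.000000Z LCPROD-APACHE 10.0.0.7:40001 - '
    '-1 -1 -1 503 0 0 0 "GET http://example.com:80/ HTTP/1.1" "-" - -'
)

# Field order mirrors the dissect mapping; the two address fields and the
# quoted request are split into their parts after tokenizing.
FIELDS = [
    "request_timestamp", "elb_name", "request_addr", "backend_addr",
    "request_processing_time", "backend_processing_time", "client_response_time",
    "elb_response_code", "backend_response_code", "received_bytes", "sent_bytes",
    "request", "user_agent", "ssl_cipher", "ssl_protocol",
]
FLOAT_FIELDS = {"request_processing_time", "backend_processing_time", "client_response_time"}
INT_FIELDS = {"elb_response_code", "backend_response_code", "received_bytes", "sent_bytes"}

# A token is either a double-quoted run (quotes stripped) or a run of non-spaces,
# which is exactly the split the dissect pattern relies on.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(line: str) -> List[str]:
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN_RE.finditer(line)]


def split_addr(addr: str) -> Tuple[str, Optional[int]]:
    # "-" (no backend) has no port; keep the marker and return port None.
    if ":" not in addr:
        return addr, None
    ip, _, port = addr.rpartition(":")
    return ip, int(port)


def parse_elb_line(line: str) -> Optional[Dict[str, object]]:
    tokens = tokenize(line)
    if len(tokens) != len(FIELDS):
        return None  # layout mismatch: caller should tag this as a parse failure
    rec: Dict[str, object] = dict(zip(FIELDS, tokens))
    rec["request_ip"], rec["request_port"] = split_addr(str(rec.pop("request_addr")))
    rec["backend_ip"], rec["backend_port"] = split_addr(str(rec.pop("backend_addr")))
    # The quoted request is "VERB URL PROTOCOL"; a "-" request yields only a verb,
    # so missing parts become None instead of raising.
    parts = str(rec.pop("request")).split(" ", 2)
    rec["request_verb"], rec["url"], rec["protocol"] = (parts + [None, None, None])[:3]
    for name in FLOAT_FIELDS:
        rec[name] = float(str(rec[name]))  # -1 is a valid marker and converts fine
    for name in INT_FIELDS:
        rec[name] = int(str(rec[name]))
    return rec


if __name__ == "__main__":
    for line in (SAMPLE_LINE, NO_BACKEND_LINE):
        print(parse_elb_line(line))
```

The length check returns None instead of a partial record so that a line in a different layout (for example an ALB log, which has more fields) is flagged rather than silently mis-assigned, which is the same failure dissect reports as a `_dissectfailure` tag.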