I have a web access log from which i need to create the fields, below is the log line:
10.202.103.252 - ECG358 [02/Aug/2017:16:48:53 +0000] "GET /app-web/tutor/applications/14/notes?category=All&offset=0&limit=30&count=true HTTP/1.1" 200 5128 Client-Correlation-Id="bbfd0962-b91f-e192-223f-e4afc316ab00" ResponseSecs=0 ResponseMicros=59908 "https://aplication.cloud.domain.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
I created a GROK pattern using %{COMMONAPACHELOG} %{GREEDYDATA}.
This pattern does the job till the number 5128 in the above logs and rest everything is captured in a field called GREEDYDATA. so the GREEDYDATE field has this log line:
"Client-Correlation-Id="bbfd0962-b91f-e192-223f-e4afc316ab00" ResponseSecs=0 ResponseMicros=59908 "https://aplication.cloud.domain.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko""
Now the challenge here is i have to extract extra fields from this GRREDYDATA field. Any help is highly appreciated.