I have a couple of lines in my apache access logs that cannot be parsed by the default apache module.
After some testing, I found that: Does not work: 123.123.123.123 - - [04/Jun/2019:12:25:00 +0000] "-" 400 100 "-" "-"
Kibana error.message: Provided Grok expressions do not match field value: [123.123.123.123 - - [04/Jun/2019:12:25:00 +0000] \"-\" 400 100 \"-\" \"-\"]
I meant have you configured anything in you Apache configuration using LogFormat directive. Also, what is the version of Apache you want to ship logs from?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.