Hi,
I've tried using an add_field in the grok filter.
I want to extract the domain name from the log files I have.
I've added those in my Apache logs and see them, but I'm not sure how to extract them.
What I have so far is this:
input {
  beats {
    port => 5044
    host => "5.61.254.238"
  }
}
filter {
  grok {
    # COMBINEDAPACHELOG covers the standard fields. The extra token at the end of
    # each line (the virtual host / Host header) is captured as "domain". The group
    # is optional so lines without it still parse instead of being tagged
    # _grokparsefailure. NOTSPACE is used rather than HOSTNAME because the value
    # may carry a port suffix.
    match => { "message" => "%{COMBINEDAPACHELOG}(?: %{NOTSPACE:domain})?" }
    # add_field takes a hash ({ }), not an array ([ ]); the original
    # add_field => [ "host" => "%{host}" ] does not parse, and it would only have
    # copied the existing host field onto itself, so it is dropped.
  }
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
I'm not sure if it's even correct.
I've restarted everything, but don't see it in Kibana.
An example of a line from the log file:
84.241.204.141 - - [07/Apr/2020:14:58:17 +0200] "GET /images/betaalmethodeimages/paynl/mastercard.png HTTP/1.1" 200 3436 "https://www.celchi.com/geuren/bners-geuren/yes-r-unlimited-violet-damesparfum" "Mozilla/5.0 (Linux; Android 10; ELE-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36" www.celchi.com
I hope you guys can help me out!
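A quick offline check of the extraction the post is after, as an added example that is not part of the original post: a Python regex written here as a hand-made equivalent of `%{COMBINEDAPACHELOG}` plus an optional trailing virtual-host token, run over the sample line quoted above and over a constructed line without that token. The regex, the `parse_line` helper and the second log line are assumptions of this example, not Logstash's own code; the regex is simplified and does not handle backslash-escaped quotes inside the referrer or user-agent strings the way grok's QS does.

```python
"""Offline check of the grok pattern  %{COMBINEDAPACHELOG}(?: %{NOTSPACE:domain})?
using a hand-written Python equivalent (assumption: simplified, no escaped quotes)."""
import re
from datetime import datetime

# Named groups mirror the grok field names, so the result can be compared with
# what Logstash's rubydebug output shows for the same line.
COMBINED_WITH_VHOST = re.compile(
    r"^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) "
    r"\[(?P<timestamp>[^\]]+)\] "
    r'"(?P<verb>\S+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?" '
    r"(?P<response>\d{3}) (?P<bytes>\d+|-) "
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
    # Optional trailing virtual host, same role as (?: %{NOTSPACE:domain})? in grok.
    r"(?: (?P<domain>\S+))?$"
)

# The Logstash date pattern "dd/MMM/yyyy:HH:mm:ss Z" expressed for strptime.
TIMESTAMP_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# The line quoted in the post above.
SAMPLE_LINE = (
    '84.241.204.141 - - [07/Apr/2020:14:58:17 +0200] '
    '"GET /images/betaalmethodeimages/paynl/mastercard.png HTTP/1.1" 200 3436 '
    '"https://www.celchi.com/geuren/bners-geuren/yes-r-unlimited-violet-damesparfum" '
    '"Mozilla/5.0 (Linux; Android 10; ELE-L29) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/80.0.3987.162 Mobile Safari/537.36" www.celchi.com'
)

# Constructed line (not from the post) with no trailing vhost, to show that the
# optional group keeps such lines parseable instead of failing the whole match.
NO_VHOST_LINE = (
    '198.51.100.7 - - [07/Apr/2020:15:01:02 +0200] '
    '"GET /index.html HTTP/1.1" 200 512 "-" "curl/7.68.0"'
)


def parse_line(line):
    """Return the extracted fields as a dict, or None where Logstash would
    tag the event with _grokparsefailure."""
    m = COMBINED_WITH_VHOST.match(line)
    if m is None:
        return None
    event = m.groupdict()          # "domain" is None when the token is absent
    event["@timestamp"] = datetime.strptime(event["timestamp"], TIMESTAMP_FORMAT)
    return event


if __name__ == "__main__":
    for line in (SAMPLE_LINE, NO_VHOST_LINE, "not an apache line"):
        event = parse_line(line)
        if event is None:
            print("_grokparsefailure:", line)
        else:
            print(event["domain"], event["clientip"], event["request"],
                  event["@timestamp"].isoformat())
```

Running it prints `www.celchi.com` as the domain for the sample line and `None` for the constructed line, which is the behaviour to expect from the optional group in the grok pattern; a line that is not Apache combined format at all returns None, the case Logstash reports as `_grokparsefailure`.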