Grok Filter for JIRA Access Logs

Hi Everyone,

Lately I have been working on parsing JIRA access logs using a grok filter, but I have not been able to write one.

Can anyone help me write a grok filter for my JIRA access logs?

Example:
10.12.68.155 0x14430011x2 B0095757 [15/Mar/2018:00:00:08 +0530] "GET /jira/rest/greenhopper/1.0/xboard/issue/details.json?rapidViewId=364&issueIdOrKey=DT-3204&loadSubtasks=true&=1521052210613 HTTP/1.1" 200 9670 219 "http://10.5.200.224:8080/jira/secure/RapidBoard.jspa?rapidView=364&projectKey=DT&view=planning&selectedIssue=DT-3204" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36" "u1kpw4"
10.12.68.155 0x14430013x3 B0095757 [15/Mar/2018:00:00:08 +0530] "GET /jira/rest/tempo-rest/2.0/gh/canOnlyViewOwnWorklogs/254122?=1521052211001 HTTP/1.1" 200 46 4 "http://10.5.200.224:8080/jira/secure/RapidBoard.jspa?rapidView=364&projectKey=DT&view=planning&selectedIssue=DT-3204" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36" "u1kpw4"
10.12.68.155 0x14430012x2 B0095757 [15/Mar/2018:00:00:08 +0530] "POST /jira/plugins/servlet/kintosoft/tree/dwr/call/plaincall/LinksDWRService.getIssueChildren.dwr HTTP/1.1" 200 838 35 "http://10.5.200.224:8080/jira/secure/RapidBoard.jspa?rapidView=364&projectKey=DT&view=planning&selectedIssue=DT-3204" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36" "u1kpw4"

I have to filter the IP, ID (B0095757) and timestamp. The grok filter which I wrote is:

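grok {
  # Capture the client IP, the 8-character user ID and the bracketed timestamp; "userid" is an assumed field name.
  match => { "message" => "%{IPV4:clientip} (?:.*) (?<userid>[0-9A-F]{8}) \[%{HTTPDATE:accesstime}\] (?:.*)" }
  remove_field => "message"
}

Kindly help.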
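A fuller pipeline for the access-log lines quoted in the post, as an added example that is not part of the original post. It parses every column of the sample lines and sets the event time from the log timestamp. All field names except `clientip` and `accesstime` are assumptions, as is the meaning of the three numeric columns (status, bytes, request time), which is inferred from the sample lines only.

```logstash
# Added example, not from the original post. Field names other than
# clientip and accesstime are assumed; column meanings are inferred from
# the three sample lines in the post.
input {
  stdin { }
}

filter {
  grok {
    # Single-quoted so the literal double quotes in the log line need no escaping.
    # Anchored with ^ and $ so a line with an unexpected layout fails cleanly
    # instead of matching partially.
    match => {
      "message" => '^%{IPV4:clientip} %{NOTSPACE:request_id} %{NOTSPACE:userid} \[%{HTTPDATE:accesstime}\] "%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}" %{INT:response:int} (?:%{INT:bytes:int}|-) (?:%{NUMBER:duration:float}|-) "%{DATA:referrer}" "%{DATA:agent}" "%{DATA:session_id}"$'
    }
    # remove_field only runs when the match succeeds, so lines that fail to
    # parse keep their raw message and are tagged _grokparsefailure.
    remove_field => [ "message" ]
  }

  # Use the time recorded in the log line as the event timestamp.
  if "_grokparsefailure" not in [tags] {
    date {
      match  => [ "accesstime", "dd/MMM/yyyy:HH:mm:ss Z" ]
      target => "@timestamp"
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

`userid` uses `NOTSPACE` rather than `[0-9A-F]{8}` so that lines whose user column is not an 8-character ID still parse; the ID format can then be checked on the extracted field.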
