filter {
  grok {
    # Double quotes inside the pattern string are escaped as \" and the literal
    # square brackets as \[ and \] because they are regex metacharacters.
    match => [
      "message", "%{IP:access-ip1} %{IP:access-ip2} - - \[%{NOTSPACE:access-timestamp} +%{INT}\] \"%{WORD:access-httpmethod} %{NOTSPACE:access-request} %{WORD:access-protocol}/%{NUMBER:access-protocolversion}\" %{INT:access-status} %{INT:access-responsesize} %{INT:access-responsetime} \"-\" \"%{WORD} %{WORD} %{NOTSPACE}\" \[ %{WORD} %{WORD} %{WORD}= %{INT:access-responsetimeinmicrosec}%{GREEDYDATA}"
    ]
    overwrite => [ "message" ]
  }
}
Above is the grok filter I am using. While trying to get details in Kibana, it is not filtering details as per the above but instead showing the original message line as is.
Below is the data I am passing:
- IP - - [11/Jan/2019:12:15:26 +0000] [URL ] "POST /URI HTTP/1.1" 200 0 225966 "URL" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" [ TIME in microsec= 350375 ]
Also, in the grok debugger it's giving proper output.
I even tried to use a single filter instead of all, but all went in vain.
Please suggest what is wrong with the above.
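Added example, not from the post and not Logstash's own code: a small Python script that expands the grok pattern above into a regular expression the way grok does, and, when a line does not match, cuts the pattern after each token to report the last token that still matched. When grok does not match, Logstash leaves `message` untouched and tags the event `_grokparsefailure`, which in Kibana looks exactly like the original line being shown as is. The grok library subset, the sample lines and the `example.invalid` URL are constructed for this example. The line as posted cannot match at its first token because `IP` is a placeholder rather than an address, so the script also runs the pattern over a constructed line shaped the way the pattern expects, and over a variant carrying the extra `[URL ]` field that the posted line has between the timestamp and the request.

```python
import re

# Subset of the stock Logstash grok-patterns library, copied here so the check
# runs offline (constructed subset: NUMBER is simplified and IP covers IPv4 only).
GROK_LIBRARY = {
    "INT": r"(?:[+-]?(?:[0-9]+))",
    "NUMBER": r"(?:[+-]?(?:[0-9]+(?:\.[0-9]+)?))",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
    "IP": r"(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
          r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![0-9])",
}

# %{SYNTAX} or %{SYNTAX:semantic}; grok allows '-' and '.' in field names.
GROK_TOKEN = re.compile(r"%\{(\w+)(?::([\w@.\-]+))?\}")

# The pattern from the post, with the \" \[ \] escapes the config needs.
ACCESS_PATTERN = (
    r'%{IP:access-ip1} %{IP:access-ip2} - - \[%{NOTSPACE:access-timestamp} +%{INT}\] '
    r'\"%{WORD:access-httpmethod} %{NOTSPACE:access-request} '
    r'%{WORD:access-protocol}/%{NUMBER:access-protocolversion}\" '
    r'%{INT:access-status} %{INT:access-responsesize} %{INT:access-responsetime} '
    r'\"-\" \"%{WORD} %{WORD} %{NOTSPACE}\" '
    r'\[ %{WORD} %{WORD} %{WORD}= %{INT:access-responsetimeinmicrosec}%{GREEDYDATA}'
)

# Sample lines, constructed for this example (not taken from any real system).
GOOD_LINE = ('10.0.0.1 10.0.0.2 - - [11/Jan/2019:12:15:26 +0000] '
             '"POST /api/login HTTP/1.1" 200 0 225966 "-" "Java HttpClient 1.8" '
             '[ TIME in microsec= 350375 ]')
# Same shape, plus the extra "[url ]" field the posted line has after the timestamp.
EXTRA_FIELD_LINE = GOOD_LINE.replace('+0000] ', '+0000] [http://example.invalid ] ')
# The line exactly as posted, placeholders included.
POSTED_LINE = ('- IP - - [11/Jan/2019:12:15:26 +0000] [URL ] "POST /URI HTTP/1.1" 200 0 '
               '225966 "URL" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) '
               'like Gecko" [ TIME in microsec= 350375 ]')


def grok_to_regex(pattern):
    """Expand grok tokens into a Python regex; returns (regex, group -> field map)."""
    fields = {}

    def expand(tok):
        syntax, semantic = tok.group(1), tok.group(2)
        if syntax not in GROK_LIBRARY:
            raise KeyError(f"unknown grok syntax %{{{syntax}}}")
        if semantic is None:
            return f"(?:{GROK_LIBRARY[syntax]})"
        # Python group names must be identifiers, so 'access-ip1' -> 'access_ip1'.
        group = re.sub(r"\W", "_", semantic)
        fields[group] = semantic
        return f"(?P<{group}>{GROK_LIBRARY[syntax]})"

    return GROK_TOKEN.sub(expand, pattern), fields


def grok_match(pattern, line):
    """Return the extracted fields keyed by their grok names, or None when the
    pattern does not match (the case in which Logstash tags _grokparsefailure)."""
    regex, fields = grok_to_regex(pattern)
    m = re.search(regex, line)
    if m is None:
        return None
    return {fields[g]: v for g, v in m.groupdict().items()}


def longest_matching_prefix(pattern, line):
    """Cut the pattern after each grok token and count how many leading tokens
    still match; returns (count, next_token), where next_token (together with
    the literal text just before it) is where the line diverges from the pattern."""
    tokens = list(GROK_TOKEN.finditer(pattern))
    matched = 0
    for i, tok in enumerate(tokens, start=1):
        regex, _ = grok_to_regex(pattern[:tok.end()])
        if re.search(regex, line) is None:
            break
        matched = i
    failing = tokens[matched].group(0) if matched < len(tokens) else None
    return matched, failing


if __name__ == "__main__":
    samples = (("good", GOOD_LINE), ("extra field", EXTRA_FIELD_LINE),
               ("as posted", POSTED_LINE))
    for label, line in samples:
        fields = grok_match(ACCESS_PATTERN, line)
        if fields is not None:
            print(f"{label}: {fields}")
        else:
            n, tok = longest_matching_prefix(ACCESS_PATTERN, line)
            print(f"{label}: no match; first {n} token(s) match, diverges at {tok}")
```

The prefix check is a heuristic: each shortened pattern is searched independently, so it can occasionally match at a different offset than the full pattern would. In practice it points straight at the token where the line and the pattern part ways, which is the first thing to compare against the event that Logstash actually receives rather than a line pasted into a debugger.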