Hi, I'm trying to parse some Apache logs like this:
46.105.14.53 - - [20/May/2015:21:05:15 +0000] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "-" "UniversalFeedParser/4.2-pre-314-svn +http://feedparser.org/"
Filebeat is fetching logs and they are going through Logstash, Elasticsearch and Kibana correctly.
Here is my logstash.conf:
input {
  beats {
    port => 5044
  }
}
filter {
  grok {
    match => {"message" => "%{IPORHOST:clientip}"}
    remove_field => ["message"]
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}"
  }
}
Here I'm trying to use a very simple Grok pattern that works on Grok Debugger. On Kibana I have the entire "message" field as if no filter has been applied.
Any help would be really appreciated.
Thank you, regards.
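
Added example, not part of the original post: a Python parser for the Apache combined log format of the sample line above, showing which fields a full pattern extracts and how a non-matching line is tagged instead of passing through unnoticed. Apart from `clientip`, the field names and the `parse_failure` tag are assumptions of this example.

```python
import re
from datetime import datetime

# Regex for the Apache "combined" log format. Only "clientip" comes from the
# post; the other group names are chosen for this example.
# Quoted fields allow backslash-escaped quotes, because the request line,
# referrer and user agent are all client-controlled.
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>(?:[^"\\]|\\.)*)" '
    r'"(?P<agent>(?:[^"\\]|\\.)*)"'
)

def parse_line(line):
    """Return a dict of typed fields, or the raw line tagged as a failure."""
    m = COMBINED.fullmatch(line.strip())
    if m is None:
        # Keep the raw line and tag it so unparsed events stay searchable.
        return {"message": line, "tags": ["parse_failure"]}
    event = m.groupdict()
    event["status"] = int(event["status"])
    event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
    event["timestamp"] = datetime.strptime(
        event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    # Split the request line; a malformed request keeps only the raw string.
    parts = event["request"].split(" ")
    if len(parts) == 3:
        event["verb"], event["path"], event["httpversion"] = parts
    return event

# Sample line from the post.
SAMPLE = ('46.105.14.53 - - [20/May/2015:21:05:15 +0000] '
          '"GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "-" '
          '"UniversalFeedParser/4.2-pre-314-svn +http://feedparser.org/"')
# Constructed line that does not match the format.
BROKEN = "not an access log line"

if __name__ == "__main__":
    for line in (SAMPLE, BROKEN):
        print(parse_line(line))
```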