Grok Pattern For Access Log

Hi,

I have a issue with the grok pattern for access log. I try this grok filter %{COMBINEDAPACHELOG} but it's not working.
I identify why and it's because of this variable "301148" between
the date and GET

100.1.1.1 - - [23/Jun/2017:09:17:46 +0200] 301148 "GET /test./test/ " 200 8 "-" "-"

Do you have an idea of grok pattern for this case ?

Thank you
Michael

Here's the original definition of the patterns (COMBINEDAPACHELOG just points to HTTPD_COMBINEDLOG):

Make a copy of them and place '%{NUMBER}after the date, or%{NUMBER:foo}if you want to capture the number into the fieldfoo`.

Thank you Magnus !

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.