Hello,
we are using a filebeat Apahce module to parse apache access logs and customized the default log format. Logs are sent to Logstash there we want to use the grok filter to catch few events through alerts.
We tried with different grok patterns, but failed to get actual results. Apache logs are showing as single message and with _grokparsefailur, _geoip_lookup_failure in tags.
Our logs in apache access log:
CustomLog logs/19Httpd_access_log "%{%a %m/%d/%Y @ %I:%M:%S.}t%{msec_frac}t %{%p %Z}t %h (%{X-Forwarded-For}i) > %v:%p "%r" %I %D %>s %O %k %L "%{Referer}i" "%{User-Agent}i" %u %{User}C %{SessionTracker}C"
Wed 04/17/2019 @ 02:40:16.348 PM IST 192.168.0.58 (-) > 192.168.10.115:80 "POST /rR_Performance/super_updateDescription.action HTTP/1.1" 8054 53804 200 260 0 - "http://192.168.0.19/RR_Performance/reviewForm_editReviewForm.action" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" - - -
Please help us to create a Grok pattern for above example log.
