Grok pattern for Apache customized log

Elastic Stack Logstash
1

Hello,

we are using a filebeat Apahce module to parse apache access logs and customized the default log format. Logs are sent to Logstash there we want to use the grok filter to catch few events through alerts.

We tried with different grok patterns, but failed to get actual results. Apache logs are showing as single message and with _grokparsefailur, _geoip_lookup_failure in tags.

Our logs in apache access log:

CustomLog logs/19Httpd_access_log "%{%a %m/%d/%Y @ %I:%M:%S.}t%{msec_frac}t %{%p %Z}t %h (%{X-Forwarded-For}i) > %v:%p "%r" %I %D %>s %O %k %L "%{Referer}i" "%{User-Agent}i" %u %{User}C %{SessionTracker}C"

Wed 04/17/2019 @ 02:40:16.348 PM IST 192.168.0.58 (-) > 192.168.10.115:80 "POST /rR_Performance/super_updateDescription.action HTTP/1.1" 8054 53804 200 260 0 - "http://192.168.0.19/RR_Performance/reviewForm_editReviewForm.action" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" - - -

Please help us to create a Grok pattern for above example log.

2

What have you tried and what don't you like about the results?

3

Tried with Logstash pipeline Apache2 logs configuration.

Apache02
Apache02.JPG1398×704 104 KB

4

What grok pattern have you tried.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.