Hi,
I am trying to parse the following log but failed, as you can see first 12 lines are not needed and from line 12 it's CATALINA_DATESTAMP, client ip, http verb, URL, http version, http code, data size and response time.
How to parse this log file? I am stuck at grok match, thanks.
Best regards,
Mike
After browsing this forum, I found the pattern, thank you all.
filter {
if [path] =~ "access" {
mutate { replace => { "type" => "pqm_access" } }
grok {
match => { "message" => "[%{CATALINA_DATESTAMP:timestamp}] - %{IPV4:clientip} : %{WORD:verb} %{NOTSPACE:rawrequest} %{NOTSPACE:httpversion} %{NUMBER:httpcode} %{NUMBER:respbytes} [%{NUMBER:resptime}]" }
}
}
date {
match => [ "timestamp" , "MMM dd, YYYY hh:mm:ss a" ]
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
