Grook Format For APM Nginx Log

reza_naipospos · February 25, 2021, 6:36am

i have format log like this, how logstash can make new field on elasticsearch for every this log, currently all log is in message field.

timestamp="25/Feb/2021:13:34:22 +0700" client=192.168.0.21 request="GET /api/Supir/Browse/JUMALI%20SIREGAR HTTP/1.0" request_length=1219 bytes_sent=296 body_bytes_sent=84 referer=https://sample.domain.com/ user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36" upstream_addr=127.0.0.1:5000 upstream_status=200 request_time=0.175 upstream_response_time=0.176 upstream_connect_time=0.001 upstream_header_time=0.176

Badger · February 25, 2021, 4:38pm

Use a kv filter. If there is a header on the line then remove it using dissect.

reza_naipospos · February 26, 2021, 4:25am

thanks , i will try it

system · March 26, 2021, 4:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.