Kevin_M
(Kevin M)
August 18, 2014, 1:57pm
1
Could someone help me write a grok filter for this log real quick? Here is what the log looks like:
Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username [18/Aug/2014:09:40:39 -0400] "GET /right.cgi?open=system&open=status HTTP/1.1" 200 3228
here is what I have so far:
match => [ "message", "%{SYSLOGTIMESTAMP:timestamp} %{WORD:Server}
webmin_log: %{IP:IP_Address} - %{USERNAME:username} *[ stuck at this middle
part [18/Aug/2014:09:40:39 -0400] *] "%{WORD:method}
%{URIPATHPARAM:request} HTTP/1.1 %{NUMBER:bytes} %{NUMBER:duration}
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com .
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/4784c4b4-65ab-4894-8a1b-a8ab0fba0ed6%40googlegroups.com .
For more options, visit https://groups.google.com/d/optout .
On Monday, August 18, 2014 9:57:41 AM UTC-4, Kevin M wrote:
Could someone help me write a grok filter for this log real quick? Here is what the log looks like:
Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username [18/Aug/2014:09:40:39 -0400] "GET /right.cgi?open=system&open=status HTTP/1.1" 200 3228
here is what I have so far:
match => [ "message", "%{SYSLOGTIMESTAMP:timestamp} %{WORD:Server}
webmin_log: %{IP:IP_Address} - %{USERNAME:username} *[ stuck at this
middle part [18/Aug/2014:09:40:39 -0400] *] "%{WORD:method}
%{URIPATHPARAM:request} HTTP/1.1 %{NUMBER:bytes} %{NUMBER:duration}
It is just a sequence of regular expressions catching fields one by one.
Look, e.g., at my post.
Kevin_M
(Kevin M)
August 18, 2014, 6:58pm
3
I don't see your post - what I am stuck with is whenever the date changes on
that log example:
[18/Aug/2014:09:40:39 -0400]
[20/Aug/2014:11:40:39 -0104]
[19/Aug/2014:08:40:39 -0500]
the filter will not match it
On Monday, August 18, 2014 1:53:37 PM UTC-4, vitaly wrote:
It is just a sequence of regular expressions catching fields one by one.
Look, e.g., at my post.
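The bracketed request date is the stock grok HTTPDATE pattern, and the literal square brackets around it have to be escaped as \[ and \] because grok patterns are regular expressions. This added example (not code from the thread) reimplements the small subset of the grok library needed for this webmin line in plain Python, expands %{NAME:field} references the way grok does, and checks the three dates from the thread against constructed sample lines; the field names client_ip, request_time, status, httpversion are assumptions.

```python
import re

# Subset of the standard grok pattern library (regexes follow logstash-patterns-core; IP is IPv4 only).
GROK_PATTERNS = {
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "YEAR": r"(?:\d\d){1,2}",
    "HOUR": r"(?:2[0123]|[01]?[0-9])",
    "MINUTE": r"(?:[0-5][0-9])",
    "SECOND": r"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)",
    "TIME": r"%{HOUR}:%{MINUTE}(?::%{SECOND})",
    "INT": r"[+-]?\d+",
    "NUMBER": r"[+-]?(?:\d+\.?\d*|\.\d+)",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "HTTPDATE": r"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}",
    "WORD": r"\b\w+\b",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "URIPATH": r"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\-]*)+",
    "URIPARAM": r"\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]<>]*",
    "URIPATHPARAM": r"%{URIPATH}(?:%{URIPARAM})?",
}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(pattern):
    """Expand %{NAME:field} references recursively into a Python regex."""
    def repl(m):
        inner = grok_to_regex(GROK_PATTERNS[m.group(1)])
        return f"(?P<{m.group(2)}>{inner})" if m.group(2) else f"(?:{inner})"
    return GROK_REF.sub(repl, pattern)

# The "middle part": escaped brackets around HTTPDATE, so any day and UTC offset match.
WEBMIN_GROK = (
    r"%{SYSLOGTIMESTAMP:timestamp} %{WORD:server} webmin_log: "
    r"%{IP:client_ip} - %{USERNAME:username} \[%{HTTPDATE:request_time}\] "
    r'"%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" '
    r"%{NUMBER:status} %{NUMBER:bytes}"
)
WEBMIN_RE = re.compile(grok_to_regex(WEBMIN_GROK))

def parse_webmin(line):
    """Return the captured fields as a dict, or None if the line does not match."""
    m = WEBMIN_RE.match(line)
    return m.groupdict() if m else None

# Constructed sample lines, including the request dates the thread says did not match.
SAMPLE_LINES = [
    'Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username [18/Aug/2014:09:40:39 -0400] "GET /right.cgi?open=system&open=status HTTP/1.1" 200 3228',
    'Aug 20 11:40:39 server01 webmin_log: 172.16.16.96 - username [20/Aug/2014:11:40:39 -0104] "GET /right.cgi?open=system&open=status HTTP/1.1" 200 3228',
    'Aug 19 08:40:39 server01 webmin_log: 172.16.16.96 - username [19/Aug/2014:08:40:39 -0500] "GET /right.cgi?open=system&open=status HTTP/1.1" 200 3228',
]
```

The same WEBMIN_GROK string can be dropped into the Logstash grok filter's match option; the Python expander only exists so the pattern can be checked offline.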