I am trying to match random number of ips in my access logs. Basically, the access logs looks like this
10.xx.xx.xx 107.xx.xxx.xxx 107.xx.xx.xx, 184.xx.xx.xx, 131.xx.xx.xx, 74.xx.xx.xxx, 209.xx.xx.xxx, 10.xx.xx.x, 10.xx.xx.x.x [27/May/2015:23:59:59 -0400]
The number of ips are random - basically sometimes it is 4, sometimes 6, sometimes 8 and sometime 10. And they also do not follow any coherent pattern like starting with certain ips(10.84..) and ending with certain ips (208....).The only pattern I can see is that it does have %{SYSLOG5424SD} after the ips.
What I want to do is to be able to get all these ips as a filter. Is there a way to match all these together ? When i use grok debugger it gives me %{IP} %{IP} %{IP} .... But that doesn't help me as the number of %{IP} could be different for each log lines. I want to create a pattern that says, he match all the ips that you see in this log line and label them as IPs. What is the best way to do this ?
Any pointers would be of great help.
Thanks,
Ben