Hi,
I would like to extract the value of a cookie from an HTTP request but up until now I can´t make it work.
I´m trying to get from a request field like this
GET /trading/css/main.css?version=4.4.0 HTTP/1.1, Host: example.com, Connection: keep-alive, sec-ch-ua: %22Chromium%22;v=%2292%22, %22 Not A;Brand%22;v=%2299%22, %22Google Chrome%22;v=%2292%22, sec-ch-ua-mobile: ?0, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36, Accept: text/css,*/*;q=0.1, Sec-Fetch-Site: same-origin, Sec-Fetch-Mode: no-cors, Sec-Fetch-Dest: style, Accept-Encoding: gzip, deflate, br, Accept-Language: en-US,en;q=0.9, Cookie: _imp_di_pc_=AeiKv2AAAAAA%2Fe2%2Bl0tSpWzh1QMWVNiq; _imp_apg_r_=%7B%22diA%22%3A%22AeiKv2AAAAAA%2Fe2%2Bl0tSpWzh1QMWV f5did=SELECT+IF%28+USER%28%29+LIKE+%27root%40%25%27%2C+BENCHMARK%28100000%2CSHA1%28%27test%27%29%29%2C+%27false%27%29%3B; TS017a1cec=01b48180428042621a43fb9eb5a96afbcffd42e83ec7ebd222f4ed66d4621184363ff53bfcb5059689d9253d43f19b1336ef6f5d0d8e94453021ae1e7789599141b36f7c52
the cookie value of imp_apg_r. For this I got this grok filter
match => {
request => [ (?<deviceid_raw>imp_apg_r=[^;]*) ]
}
Can anyone point me to the right direction?
Thanks in advance!!