How to extract the end point and parameters from logs?

Hi All,

I have just installed Elastic Stack 6.6.0 and am trying to write a grok pattern; everything seems good. But I need to extract more data from the log, like:

10.121.123.104 - - [01/Nov/2012:21:01:04 +0100] "GET /cluster HTTP/1.1" 200 1272
10.121.123.104 - - [01/Nov/2012:21:01:17 +0100] "GET /cpc/auth.do?loginsetup=true&targetPage=%2Fcpc%2F HTTP/1.1" 302 466
10.121.123.104 - - [01/Nov/2012:21:01:18 +0100] "GET /cpc?loginsetup=true&targetPage=%252Fcpc%252F HTTP/1.1" 302 -
10.121.123.104 - - [01/Nov/2012:21:01:18 +0100] "GET /cpc/auth.do?loginsetup=true&targetPage=%25252Fcpc%25252F&loginsetup=true HTTP/1.1" 302 494

How do I extract the following?
If the log is

10.121.123.104 - - [01/Nov/2012:21:01:17 +0100] "GET /cpc/auth.do?loginsetup=true&targetPage=%2Fcpc%2F HTTP/1.1" 302 466

then
END_POINT is /cpc/auth.do
QUERY_APARM is loginsetup=true&targetPage=%2Fcpc%2F HTTP/1.1" 302 466

if log is
10.121.123.104 - - [01/Nov/2012:21:01:04 +0100] "GET /cluster HTTP/1.1" 200 1272
then
END_POINT is /cluster
END_POINT is -

Does anybody have any idea how to do this?
Thanks in advance.
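
Added example, not part of the original post: one way to do the split asked about above, written in plain Python rather than as a grok pattern, and run over the four sample lines from the post. It assumes the query string ends at the space before `HTTP/1.1`; the field name `QUERY_PARAM` and the extra `PARAMS` and `STATUS` fields are this example's own.

```python
import re
from urllib.parse import parse_qs

# Access-log line: host ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

def extract(line):
    """Return END_POINT and QUERY_PARAM for one line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Split on the first '?' only; any later '?' belongs to the query string.
    path, sep, query = m.group("target").partition("?")
    return {
        "END_POINT": path,
        # "-" when the request has no query string, as asked in the post
        "QUERY_PARAM": query if sep and query else "-",
        # parse_qs removes one level of percent-encoding and keeps repeated keys
        "PARAMS": parse_qs(query, keep_blank_values=True),
        "STATUS": int(m.group("status")),
    }

# Sample lines copied from the post
SAMPLE = [
    '10.121.123.104 - - [01/Nov/2012:21:01:04 +0100] "GET /cluster HTTP/1.1" 200 1272',
    '10.121.123.104 - - [01/Nov/2012:21:01:17 +0100] '
    '"GET /cpc/auth.do?loginsetup=true&targetPage=%2Fcpc%2F HTTP/1.1" 302 466',
    '10.121.123.104 - - [01/Nov/2012:21:01:18 +0100] '
    '"GET /cpc?loginsetup=true&targetPage=%252Fcpc%252F HTTP/1.1" 302 -',
    '10.121.123.104 - - [01/Nov/2012:21:01:18 +0100] '
    '"GET /cpc/auth.do?loginsetup=true&targetPage=%25252Fcpc%25252F&loginsetup=true'
    ' HTTP/1.1" 302 494',
]

if __name__ == "__main__":
    for line in SAMPLE:
        fields = extract(line)
        print(fields["END_POINT"], fields["QUERY_PARAM"], fields["PARAMS"])
```

In the third and fourth lines `targetPage` is still percent-encoded after one decoding pass, and the fourth carries `loginsetup` twice, so both show up in `PARAMS` rather than being silently collapsed.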
