arun5635
(Arungowda)
November 20, 2018, 9:04am
1
Hi All
I am new to Logstash. I need to remove \ from request and http_method.
request": ""GET https://www.docsapp.in:443/dashboardapp/forward/0/content?patientId=6009237 HTTP/2.0""
http_method": ""GET"
I want it like this:
request": "GET https://www.docsapp.in:443/dashboardapp/forward/0/content?patientId=6009237 HTTP/2.0""
http_method": "GET"
Could you please help me?
arun5635
(Arungowda)
November 20, 2018, 9:05am
2
This is my .conf file:
input {
  stdin {}
}
filter {
  grok {
    match => {"message" => '%{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:alb-name} %{NOTSPACE:client} %{NOTSPACE:target} %{NOTSPACE:request_processing_time:float} %{NOTSPACE:target_processing_time:float} %{NOTSPACE:response_processing_time:float} %{NOTSPACE:elb_status_code} %{NOTSPACE:target_status_code} %{NOTSPACE:received_bytes:float} %{NOTSPACE:sent_bytes:float} %{QUOTEDSTRING:request} %{QUOTEDSTRING:user_agent} %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol} %{NOTSPACE:target_group_arn} %{QUOTEDSTRING:trace_id}'}
  }
  grok {
    match => ["request", "^(%{NOTSPACE:http_method})? (%{NOTSPACE:http_uri})?"]
  }
  grok {
    match => [ "target_group_arn","(?<target_group_arn>[/^])(?.[^/]*)"]
  }
  mutate {
    convert => {
      "elb_status_code" => "integer"
      "target_status_code" => "integer"
    }
  }
}
output {
  stdout {}
}
Eniqmatic
(Lewis Barclay)
November 20, 2018, 1:47pm
3
Your examples are the same apart from extra quotes?
arun5635
(Arungowda)
November 21, 2018, 5:16am
4
Sorry, I forgot to add the backslash.
Eniqmatic
(Lewis Barclay)
November 21, 2018, 8:07am
5
I still cannot see a difference in the examples
arun5635
(Arungowda)
November 21, 2018, 10:14am
6
Eniqmatic
(Lewis Barclay)
November 21, 2018, 10:36am
7
Can you give me some raw input example lines? 3 or 4 would be good.
arun5635
(Arungowda)
November 22, 2018, 9:01am
8
h2 2018-11-15T06:34:59.899131Z app/ecs-production-cluster/1e87a951378c7dd2 1.5d1.e5.1ew9:4w913 172.31.7.248:80 0.000 0.009 0.000 200 200 52 216 "POST https://www.docsapp.in:443/dashboardapp/forward/users HTTP/2.0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-west-2:514:targetgroup/docsapp-release-tg/831ff227855 "Root=1-5bed1393-32203aa0d2b3c1a0d0e13c7e" "www.docsapp.in" "arn:aws:iam::547500:server-certificate/RenewedSSL" 6 2018-11-15T06:34:59.889000Z "forward" "-" "-
system
(system)
Closed
December 20, 2018, 9:01am
9
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
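Added example, not part of the thread or the poster's own configuration: `%{QUOTEDSTRING}` captures the surrounding double quotes as part of the value, so `request` starts with a quote (which the default `stdout` rubydebug output prints as `\"`) and the second grok's `NOTSPACE` then yields `"GET`. This sketch reuses the poster's field names, moves the quotes outside the captures, and leaves out the `target_group_arn` split.

```logstash
input {
  stdin {}
}

filter {
  grok {
    # The literal quotes sit outside "%{DATA:...}": they must be present in the
    # log line, but they are not stored in request, user_agent or trace_id.
    match => { "message" => '%{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:alb-name} %{NOTSPACE:client} %{NOTSPACE:target} %{NOTSPACE:request_processing_time:float} %{NOTSPACE:target_processing_time:float} %{NOTSPACE:response_processing_time:float} %{NOTSPACE:elb_status_code} %{NOTSPACE:target_status_code} %{NOTSPACE:received_bytes:float} %{NOTSPACE:sent_bytes:float} "%{DATA:request}" "%{DATA:user_agent}" %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol} %{NOTSPACE:target_group_arn} "%{DATA:trace_id}"' }
  }

  # request now begins with the HTTP method rather than a quote character,
  # so NOTSPACE gives a clean http_method and http_uri.
  grok {
    match => { "request" => "^%{NOTSPACE:http_method} %{NOTSPACE:http_uri}" }
  }

  mutate {
    convert => {
      "elb_status_code"    => "integer"
      "target_status_code" => "integer"
    }
  }
}

output {
  # rubydebug escapes any double quote inside a field value as \"
  stdout { codec => rubydebug }
}
```

If the first grok has to stay unchanged, a `mutate` `gsub` on `request` with the pattern `^"|"$` and an empty replacement, placed before the second grok, strips the captured quotes instead.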