Hi Team,
I am working on something with a (semi-Apache) access log, copied below, and I have also published my Logstash conf file. I could see bytes, IP, date and response code usually considered as strings in Kibana. I am able to resolve the problems with bytes and response by exclusively defining the mutate filter, but the problems with IP and date persist.
0 10.00.00.208 - - [25/Jul/2018:00:00:08 -0700] "GET /Hollywood/movies/images/MT_searchMagnifier.svg HTTP/1.1" 200 388 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/MT_searchMagnifier.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
0 10.00.00.208 - - [25/Jul/2018:00:00:08 -0700] "GET /Hollywood/movies/images/MT_Mylist_normal.svg HTTP/1.1" 200 466 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/MT_MySales_normal.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
0 10.00.00.208 - - [25/Jul/2018:00:00:08 -0700] "GET /Hollywood/movies/images/MT_Openmovies_normal.svg HTTP/1.1" 200 442 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/MT_Openmovies_normal.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
0 10.00.00.208 - - [25/Jul/2018:00:00:08 -0700] "GET /Hollywood/movies/images/MT_Transactions_normal.svg HTTP/1.1" 200 371 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/MT_Transactions_normal.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
0 10.00.00.208 - - [25/Jul/2018:00:00:08 -0700] "GET /Hollywood/movies/images/MT_Dasboard_onClick.svg HTTP/1.1" 200 387 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/MT_Dasboard_onClick.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
0 10.00.00.208 - - [25/Jul/2018:00:00:08 -0700] "GET /Hollywood/movies/images/MT_Dasboard_myClients_normal.svg HTTP/1.1" 200 663 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/MT_Dasboard_myClients_normal.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
0 10.00.00.208 - - [25/Jul/2018:00:00:09 -0700] "GET /Hollywood/movies/images/down_Arrow_Blue.svg HTTP/1.1" 200 239 "https://movies.ptin8.corp.prk.com/Hollywood/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" GET /Hollywood/movies/images/down_Arrow_Blue.svg "-" "" "HTTP/1.1" prkolnx5124 "-" "-"
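My Logstash conf file:
input {
  beats {
    port => "5041"
  }
}
filter {
  # Leading field -> ignore1, standard combined Apache fields, trailing extras -> ignore2
  grok {
    match => { "message" => "%{CISCO_REASON:ignore1} %{COMBINEDAPACHELOG} %{GREEDYDATA:ignore2}" }
  }
  # grok captures are strings by default; convert the numeric ones
  mutate {
    convert => { "bytes" => "integer" }
  }
  mutate {
    convert => { "response" => "integer" }
  }
  # Trim surrounding whitespace from the two catch-all fields
  mutate {
    strip => ["ignore1","ignore2"]
  }
}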