Loading unstructured data

I am getting an error while loading the line below into Elastic using the grok filter:

192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] "GET
/news/sports.html HTTP/1.1" 200 3500 www.yahoo.com
"http://www.some.com/" "Mozilla/4.0 (compatible; MSIE .

Can someone help me with the grok pattern?

This is an Apache log.
192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] "GET /news/sports.html HTTP/1.1" 200 3500 www.yahoo.com "http://www.some.com/" "Mozilla/4.0 (compatible; MSIE ."

Use:

grok { 
	match => { 
		"message" => "%{COMMONAPACHELOG}"
	} 
}

COMMONAPACHELOG or COMBINEDAPACHELOG
logstash-patterns/grok-patterns at master · hpcugent/logstash-patterns · GitHub

Hello,

  • What error do you have?
  • What's the grok pattern you're trying?

It would be helpful to know what you are trying, so we can give a better answer.

You can use %{COMMONAPACHELOG}, as mentioned by @Rios.

Or you can also try the following grok pattern (I think it's not necessary to explain every field; in this case the names make sense):

%{IP:client_ip} - - \[%{HTTPDATE:apache_timestamp}\] \"%{WORD:method} /%{NOTSPACE:request_page} HTTP/%{NUMBER:http_version}\" %{NUMBER:server_response} %{NUMBER:data_transfered} %{HOSTNAME:website} \"%{URI}\" \"%{GREEDYDATA:useragent}
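An added example, not part of the original thread: a Python regular expression approximating the custom grok pattern above, run against the sample line from the question so the extracted fields can be checked offline. The sub-pattern regexes are simplified stand-ins for the grok definitions, and the `referrer` and `timestamp` field names and the `parse_line` helper are assumptions introduced here.

```python
import re
from datetime import datetime

# Simplified stand-ins for the grok sub-patterns (assumption: the real grok
# definitions of IP, HTTPDATE, HOSTNAME and URI are stricter than these).
LINE_RE = re.compile(
    r'(?P<client_ip>\d{1,3}(?:\.\d{1,3}){3}) - - '
    r'\[(?P<apache_timestamp>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?P<method>\w+) /(?P<request_page>\S+) HTTP/(?P<http_version>\d+(?:\.\d+)?)" '
    r'(?P<server_response>\d{3}) (?P<data_transfered>\d+) '
    r'(?P<website>[A-Za-z0-9.-]+) '
    # The thread's pattern leaves %{URI} unnamed; "referrer" is a name added here.
    r'"(?P<referrer>[^"]*)" '
    # Closing quote is optional because the sample line is cut off after "MSIE ."
    r'"(?P<useragent>[^"]*)"?'
)

# Sample line copied from the question (user agent is truncated in the thread).
SAMPLE = (
    '192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] '
    '"GET /news/sports.html HTTP/1.1" 200 3500 www.yahoo.com '
    '"http://www.some.com/" "Mozilla/4.0 (compatible; MSIE .'
)


def parse_line(line):
    """Return a dict of fields, or None when the line does not match.

    None corresponds to the event Logstash would tag with _grokparsefailure.
    """
    m = LINE_RE.search(line)  # grok patterns are unanchored, so search, not fullmatch
    if m is None:
        return None
    fields = m.groupdict()
    # Numeric fields as integers, so range queries and aggregations work downstream.
    fields["server_response"] = int(fields["server_response"])
    fields["data_transfered"] = int(fields["data_transfered"])
    # Parse the Apache timestamp, keeping its UTC offset.
    fields["timestamp"] = datetime.strptime(
        fields["apache_timestamp"], "%d/%b/%Y:%H:%M:%S %z"
    )
    return fields


if __name__ == "__main__":
    for key, value in parse_line(SAMPLE).items():
        print(f"{key:18} {value}")
```

A line in the standard combined format, without the extra host field after the byte count, returns `None` here; that is the case to watch for as a parse failure when log formats are mixed.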
