I am getting an error while loading the line below into Elastic using the grok filter:
192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] "GET /news/sports.html HTTP/1.1" 200 3500 www.yahoo.com "http://www.some.com/ " "Mozilla/4.0 (compatible; MSIE .
Can someone help me with the grok pattern?
Rios
(Rios)
May 9, 2022, 8:20am
2
This is an Apache log.
192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] "GET /news/sports.html HTTP/1.1" 200 3500 www.yahoo.com "http://www.some.com/ " "Mozilla/4.0 (compatible; MSIE ."
Use:
grok {
  match => {
    "message" => "%{COMMONAPACHELOG}"
  }
}
COMMONAPACHELOG or COMBINEDAPACHELOG
logstash-patterns/grok-patterns at master · hpcugent/logstash-patterns · GitHub
Hello,
What error do you have?
What's the grok pattern you're trying?
It would be helpful to know what you are trying, in order to give a better answer.
You can use %{COMMONAPACHELOG}, mentioned by @Rios.
Or you can also try with the following grok pattern (I think it's not necessary to explain every field, in this case the words make sense):
%{IP:client_ip} - - \[%{HTTPDATE:apache_timestamp}\] \"%{WORD:method} /%{NOTSPACE:request_page} HTTP/%{NUMBER:http_version}\" %{NUMBER:server_response} %{NUMBER:data_transfered} %{HOSTNAME:website} \"%{URI}\" \"%{GREEDYDATA:useragent}
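Added example, not part of any reply in this thread: a plain Python regex (not grok itself) for checking offline that the posted line splits into the fields named in the pattern above, including the extra host field between the byte count and the referrer. The regex, the `parse_line` helper and the `ident`, `auth`, `referrer` and `@timestamp` keys are assumptions made for this sketch; the sample is constructed from the line quoted in the question.

```python
import re
from datetime import datetime

# Constructed from the log line quoted in the thread (its user agent is cut off there).
SAMPLE = ('192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] '
          '"GET /news/sports.html HTTP/1.1" 200 3500 www.yahoo.com '
          '"http://www.some.com/ " "Mozilla/4.0 (compatible; MSIE .')

# Field names follow the grok pattern in the reply; the regex itself is an assumption.
LINE_RE = re.compile(r'''
    ^(?P<client_ip>\d{1,3}(?:\.\d{1,3}){3})\s+   # client address (IPv4 only in this sketch)
    (?P<ident>\S+)\s+(?P<auth>\S+)\s+            # identd and user, usually "-"
    \[(?P<apache_timestamp>[^\]]+)\]\s+          # e.g. 22/Dec/2002:23:32:14 -0400
    "(?P<method>[A-Z]+)\s+(?P<request_page>\S+)\s+HTTP/(?P<http_version>\d\.\d)"\s+
    (?P<server_response>\d{3})\s+
    (?P<data_transfered>\d+|-)\s+                # "-" when no body was sent
    (?P<website>\S+)\s+                          # extra host field before the referrer
    "(?P<referrer>[^"]*)"\s+                     # tolerate stray spaces inside the quotes
    "(?P<useragent>[^"]*)"?\s*$                  # closing quote optional: line may be truncated
''', re.VERBOSE)

def parse_line(line):
    """Return a dict of typed fields, or None when the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    doc = m.groupdict()
    doc['referrer'] = doc['referrer'].strip()
    doc['server_response'] = int(doc['server_response'])
    size = doc['data_transfered']
    doc['data_transfered'] = 0 if size == '-' else int(size)
    # Normalise the Apache timestamp to ISO 8601, keeping the original offset.
    ts = datetime.strptime(doc['apache_timestamp'], '%d/%b/%Y:%H:%M:%S %z')
    doc['@timestamp'] = ts.isoformat()
    return doc

if __name__ == '__main__':
    for key, value in parse_line(SAMPLE).items():
        print(f'{key}: {value}')
```

Lines for which `parse_line` returns None are the ones to inspect before adjusting the grok pattern.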