Hello guys! I'm trying to parse the following type of log message: 111.22.333.444 - - [08/Jan/2020:11:50:15 +0100] [https://awdasfe.asfeaf.cas:111] "POST /VFQ3P/asfiheasfhe/v2/safiehjafe/check HTTP/1.1" 204 0 "-" "-" (rt=0.555 urt=0.555 uct=0.122 uht=0.11) My logstash conf file: input { beats …

[image] Vladpov: I think at some point it should show the raw request part like POST /VFQ3P/asfiheasfhe/v2/safiehjafe/check HTTP/1.1 and parse into verb and http version at the same time No, alternation (the pipe character) does not work that way. If tries to parse it using the first part of …

Logstash parsing problem

Elastic Stack Logstash

Vladpov January 9, 2020, 7:01pm 5

Thank you very much for replying!

I just found the related topic to my question! How can i parse one field further into different fields in another grok pattern?

Topic		Replies	Views
_grokparsefailure in the file Logstash	6	948	August 30, 2017
_grokparsefailure but grok debugger looks good Logstash	18	2816	August 19, 2021
_grokparsefailure inspite of working well with grok debugger Logstash	10	1767	May 4, 2019
_grokparsefailure in Kibana although Grok tester returns "matched" Logstash	6	335	August 10, 2018
GROK pattern not working in Logstash Logstash	2	300	April 10, 2019

Logstash parsing problem

Related topics