Mapping Apache HTTPD log output to ECS Schema?

Has anyone mapped the various Apache HTTPD logging variables/output to the Elastic Common Schema? Seems like it should be pretty straightforward but tedious, and really useful.

If you've done any of this, please share!

I've dumped a CSV file of most of the variables here: [Apache HTTPD output variables](https://pastebin.com/RfsV7bSr) to help get this started.

Hi @greenbeans

This has already been done with the Filebeat Apache module.

Or the Elastic Agent Apache logs integration.

Hi @stephenb

Thanks for the superfast response and pointers to documentation!

I looked over both, and I'll certainly be trying out the Elastic Agent integration.

The filebeat module looks to me like it reads the standard Combined LogFormat plus a few variations. The most detailed one is "Combined Log Format + X-Forwarded-For header + Response time".

I need more, especially the SSL DN of the client, and the UNIQUE_ID. So I think there's an opportunity to do a more thorough mapping. In the meantime, I'll look through the Apache module's source on GitHub to try to figure out what's already been mapped.

If anyone has more to contribute, please get in touch!

Thanks again,
-Robert

You can install either, then make a copy of the ingest pipeline and then modify it... It will be a good place to start from.
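
Added example, not part of the thread and not the Filebeat module's or the Elastic Agent integration's pipeline: a Python parser for an extended access log that carries the client certificate DN and UNIQUE_ID discussed above, emitting ECS-shaped documents. The LogFormat string, the choice of `tls.client.x509.subject.distinguished_name` and `http.request.id` as target fields, and the sample lines are assumptions made for illustration.

```python
import json
import re
from datetime import datetime

# Assumed LogFormat (hypothetical, not from the thread): combined plus three fields.
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{SSL_CLIENT_S_DN}x\" %{UNIQUE_ID}e %D"
Q = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache logs an embedded quote as \"
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] ' + Q + r' (\d{3}) (\S+) '
                  + Q + ' ' + Q + ' ' + Q + r' (\S+) (\d+)$')
# Constructed sample lines: one with a client certificate, one without.
SAMPLES = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /api/items?id=7 HTTP/1.1" 200 512 "-" "curl/8.5.0" "CN=alice,OU=Ops,O=Example Corp,C=US" ZkR2c38AAQEAAAh4AbcAAAAB 1834',
    '198.51.100.9 - bob [10/Oct/2024:13:55:37 +0000] "GET /logo.png HTTP/1.1" 304 - "https://example.org/" "Mozilla/5.0" "-" ZkR2c38AAQEAAAh4AbgAAAAC 212',
]

def put(doc, dotted, value):
    # Set a dotted ECS name as nested keys; Apache's "-" placeholder means "absent".
    if value in (None, "", "-"):
        return
    *parents, leaf = dotted.split(".")
    for key in parents:
        doc = doc.setdefault(key, {})
    doc[leaf] = value

def to_ecs(line):
    m = LINE.match(line)
    if m is None:
        return None  # not this format; route to a failure path, do not guess
    host, user, ts, request, status, size, referer, agent, dn, uid, usec = m.groups()
    doc = {"event": {"original": line}}
    put(doc, "@timestamp", datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").isoformat())
    put(doc, "source.address", host)  # %h may be a hostname, so not source.ip
    put(doc, "user.name", user)
    parts = request.split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        put(doc, "http.request.method", parts[0])
        put(doc, "url.original", parts[1])
        put(doc, "http.version", parts[2][5:])
    put(doc, "http.response.status_code", int(status))
    put(doc, "http.response.body.bytes", int(size) if size.isdigit() else None)
    put(doc, "http.request.referrer", referer)
    put(doc, "user_agent.original", agent)
    put(doc, "tls.client.x509.subject.distinguished_name", dn)
    put(doc, "http.request.id", uid)
    put(doc, "event.duration", int(usec) * 1000)  # %D is microseconds, ECS uses ns
    return doc

if __name__ == "__main__":
    for sample in SAMPLES:
        print(json.dumps(to_ecs(sample), indent=2))
```

The same field-by-field mapping carries over to a copied ingest pipeline: each `put` call corresponds to one target field that the pipeline's parsing step would need to populate.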