Hi,
I am trying to process custom access logs of Varnish servers. The log format is:
%h %t %r %>s %b %{resp.http.X-Cache}V %{req.http.user-agent}V %{req.http.referer}V %{geoip.city}V
Here is a sample log:
Mar 25 09:57:33 X VerticalAlfa X<134>2018-03-25T13:57:32Z cache-scl19420 VerticalAlfa_syslog[28479]: 190.233.180.138 [25/Mar/2018:13:47:30 +0000] POST /diez-platos-fundamentales-de-la-cocina-peruana-1190601?url=https%3A%2F%2Fwww.VerticalAlfa.com%2Fdiez-platos-fundamentales-de-la-cocina-peruana-1190601 HTTP/1.1 503 “-” MISS Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 https://www.VerticalAlfa.com/diez-platos-fundamentales-de-la-cocina-peruana-1190601 Lima
How do we extract all the fields in Logstash?
Here is the Logstash filter configuration:
> filter {
>
> grok {
> match => {
> "message" => "%{CISCOTIMESTAMP} X %{WORD:vertical} X%{SYSLOG5424PRI}%{SYSLOGLINE}"
> if ("" in [message]) {
> grok {
> match => {
> "message" => "%{IPORHOST:clientip} %{SYSLOG5424SD} %{WORD:verb} %{URIPATHPARAM} HTTP/%{NUMBER:httpversion} %{DATA:reques:int} (?:-|%{NUMBER:bytes:int}) %{WORD:varnish_hierarchy_status} %{QS:referrer} %{QS:agent} %{URI} %{WORD:city}"
> }
> }
> }
> }
> }
>
> }
But it is not matching any logs. Please help.
Cheers
Ferdous Shibly
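
One way to split the sample line above into fields, given as an added example that is not part of the original post. It assumes the redacted `X` tokens contain no spaces and that an empty referer is logged as `-`; the sub-pattern names `VARNISH_SYSLOG_PREFIX`, `VARNISH_REQUEST` and `VARNISH_TAIL` and the field names are hypothetical.

```logstash
filter {
  grok {
    # Sub-patterns are defined here only to keep each line readable
    # (hypothetical names, not part of the stock pattern set).
    pattern_definitions => {
      # Relay header plus the syslog header written by the cache node:
      # "Mar 25 09:57:33 X VerticalAlfa X<134>2018-03-25T13:57:32Z cache-scl19420 VerticalAlfa_syslog[28479]:"
      "VARNISH_SYSLOG_PREFIX" => "%{SYSLOGTIMESTAMP:relay_time} %{NOTSPACE:relay_host} %{WORD:vertical} [^<]*<%{NONNEGINT:syslog_pri}>%{TIMESTAMP_ISO8601:syslog_time} %{HOSTNAME:cache_node} %{DATA:program}\[%{POSINT:pid}\]:"

      # %h %t %r %>s %b X-Cache. In the sample, %b is a quoted dash rather
      # than a number, so bytes is kept as a string here.
      "VARNISH_REQUEST" => "%{IPORHOST:clientip} \[%{HTTPDATE:timestamp}\] %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{INT:response:int} %{NOTSPACE:bytes} %{NOTSPACE:cache_status}"

      # user-agent, referer, city. None of them is quoted in the sample, so
      # QS cannot match them. The user agent contains spaces, so it is taken
      # greedily and the referer (assumed to be "-" or an http(s) URL) is the
      # delimiter between it and the city.
      "VARNISH_TAIL" => "%{GREEDYDATA:agent} (?<referrer>-|https?://\S+) %{GREEDYDATA:city}"
    }
    match => {
      "message" => "^%{VARNISH_SYSLOG_PREFIX} %{VARNISH_REQUEST} %{VARNISH_TAIL}$"
    }
  }

  # Conditionals belong at filter level, outside any plugin block.
  if "_grokparsefailure" not in [tags] {
    # Use the request time from the access log entry as the event time.
    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
  }
}
```

Events that still carry the `_grokparsefailure` tag after this filter did not fit the assumed layout and are worth inspecting separately.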