Hi,
I am new to the ELK stack and managed to get the first data into elastic and perform some searches. Now I would like to work with some of my customized web server logs. Very probably this has been answered before, but as I am new to the whole topic I probably don't know the terms to find it - sorry if that's the case.
The logs have a structure which I put into a grok pattern:
\A%{TIMESTAMP_ISO8601} %{IP} %{USERNAME} %{HOSTNAME} %{WORD} %{URIPATH} %{NOTSPACE} %{NUMBER} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE}
Now the first %{NOTSPACE} contains at least one or more URL parameters like
?color=blue&number=56&weather=sunny
Would it be possible to have these extracted as separate fields whenever they occur? All of these parameters are name:value pairs, none of them is there all the time, and the number of them per log line can differ.
Thank you!
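A Logstash filter section that does this, added here as an example and not part of the original post: it keeps the posted column layout, names only the fields the post identifies (the field names, the `params` target and the sample log line are assumptions), and hands the query string to the kv filter, which creates one field per name=value pair however many there are.

```conf
filter {
  grok {
    # Same columns as the posted pattern. Only the fields the post identifies
    # get (assumed) names; the remaining NOTSPACE columns stay unnamed and
    # are therefore not stored as fields.
    match => {
      "message" => "\A%{TIMESTAMP_ISO8601:timestamp} %{IP:client_ip} %{USERNAME:user} %{HOSTNAME:host} %{WORD:method} %{URIPATH:path} %{NOTSPACE:query} %{NUMBER:status:int} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE}"
    }
  }

  # Constructed sample line this pipeline was checked against:
  # 2024-01-01T12:00:00Z 203.0.113.5 alice web01 GET /index.html ?color=blue&number=56&weather=sunny 200 - - - - - - - - - -
  # -> [params][color]="blue", [params][number]="56", [params][weather]="sunny"

  # Only split when grok matched and there is a non-empty query string.
  if "_grokparsefailure" not in [tags] and [query] =~ /^\?./ {
    # Drop the leading "?" so the first key is "color", not "?color".
    mutate {
      gsub => [ "query", "^\?", "" ]
    }

    # "color=blue&number=56&weather=sunny" -> one field per pair.
    # A parameter that is absent from a line simply yields no field;
    # a key repeated in one line becomes an array.
    # Keys are chosen by the client, so they go under [params] rather than
    # the event root, where a request using names such as "host" or
    # "@timestamp" would overwrite the fields grok just set.
    kv {
      source      => "query"
      field_split => "&"
      value_split => "="
      target      => "params"
      # Uncomment to accept only known parameter names. Unbounded
      # client-chosen keys otherwise grow the index mapping without limit.
      # include_keys => [ "color", "number", "weather" ]
    }
  }
}
```

Values are stored as they appear in the log, still percent-encoded; the logstash-filter-urldecode plugin can decode them if your searches need the literal text.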