Not able to understand this grok filter for a particular code

deepanshu_goel · June 24, 2019, 5:53am

Here ,i am using a log file but i am not able to understand why the grok is working can anyone please explain me this .
MY ACCESS LOG IS:-
184.252.108.229 - - [20/Sep/2017:13:22:22 +0200] "GET /css/style.css HTTP/1.1" 200 11679 "https://codingexplained.com/products/view/123" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"

AND THE CONFIGURATION FILE WHICH I AM USING IS:-
input
{
file {

 path=>"E:/kibana/logstash-7.1.1/logstash-7.1.1/data/event-data/apache_access.log"
    type => "apache-access" 
 start_position => "beginning"
       
     }

http {
host => "127.0.0.1"
port => 8080
}
}

filter
{

    **grok{**

** match => { "message" => '%{HTTPD_COMMONLOG} "%{GREEDYDATA:referrer}" "%{GREEDYDATA:agent}"' } **

** }**
}
output
{

stdout{

      codec=>rubydebug  
   
    }

}
(PLEASE HELP ME OUT OF THIS)

Wolfram_Haussig · June 24, 2019, 12:28pm

HTTPD_COMMONLOG is a pattern defind in the logstash core: https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/httpd (More patterns can be found here)

So basically this is the resolved complete pattern:
%{IPORHOST:clientip} %{HTTPDUSER:ident} %{HTTPDUSER:auth} [%{HTTPDATE:timestamp}] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) "%{GREEDYDATA:referrer}" "%{GREEDYDATA:agent}"

system · July 22, 2019, 12:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.