Querying Apache URL Requests in Kibana

Andrew225 · June 29, 2020, 4:18pm

I have deployed Elasticsearch 7.7.1-1, Logstash 7.7.1-1 and Kibana 7.7.1-1. I am shipping logs to Logstash using Filebeat.

I am developing a query to parse the request field of the apache logs. I have noticed there is a request.keyword field, a rawrequest and a rawrequest.keyword field but they don't seem to be populated. The problem I'm having is that the URL contains capital letters and any query I author that contains any of the letters (For Example: TEST or test) fails to match.

I don't know if either is normal behavior (the fact that the fields are empty and that even non case sensitive queries are failing to match).

Thanks in Advance.

Andrew225 · June 30, 2020, 4:08pm

I was able to solve the first problem by aggregating through visualize and not searching through discover, however even in visualize when aggregating through Terms, I cannot seem to either use the search bar or "include" to capture a string that is originally uppercase.

Andrew225 · June 30, 2020, 4:17pm

And just like that, now include is working. Solved.

system · July 28, 2020, 4:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.