Querying Apache URL Requests in Kibana

Andrew225 · June 29, 2020, 4:18pm

I have deployed Elasticsearch 7.7.1-1, Logstash 7.7.1-1 and Kibana 7.7.1-1. I am shipping logs to Logstash using Filebeat.

I am developing a query to parse the request field of the apache logs. I have noticed there is a request.keyword field, a rawrequest and a rawrequest.keyword field but they don't seem to be populated. The problem I'm having is that the URL contains capital letters and any query I author that contains any of the letters (For Example: TEST or test) fails to match.

I don't know if either is normal behavior (the fact that the fields are empty and that even non case sensitive queries are failing to match).

Thanks in Advance.

Andrew225 · June 30, 2020, 4:08pm

I was able to solve the first problem by aggregating through visualize and not searching through discover, however even in visualize when aggregating through Terms, I cannot seem to either use the search bar or "include" to capture a string that is originally uppercase.

Andrew225 · June 30, 2020, 4:17pm

And just like that, now include is working. Solved.

system · July 28, 2020, 4:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[solved] Problems with "/" as value / apache logs in logstash Elasticsearch	4	423	May 31, 2018
Search using complex regex is not working on Kibana 6 Kibana	4	5388	March 14, 2018
Filtering documents in kibana by prefix - inconsistent results Kibana	4	8344	July 6, 2017
Unwanted tokenising of apache log fields: referer and request Elasticsearch	1	382	July 6, 2017
Parsing query part from Apache log Elasticsearch	1	227	September 8, 2021

Querying Apache URL Requests in Kibana

Related topics