Hello folks,
Being new to ELK, I struggled to understand the following sample grok filter script, which reads an Apache log file as shown in the picture. I want to find out from this forum if there are any good samples of grok filter for me to practice and go over them.
![2018-03-17_19-23-29|690x112](upload://eXBxvNjDgQkL4psiBhX6GJeBwml.jpg)

```
filter {
  grok {
    # Apache combined log format; :int casts the captured string to an integer
    match => ["message", '%{IPORHOST:ClientIPAddress} %{USER:userID} %{USER:Authorization} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:versionnumber}" %{NUMBER:response:int} %{NUMBER:bytes:int} %{QS:aaa} %{QS:agent}']
  }
  date {
    # parse the captured Apache timestamp into @timestamp
    match  => ["timestamp", "dd/MMM/YYYY:HH:mm:ss Z"]
    locale => "en"
  }
  geoip {
    # enrich the event with location data for the client address
    source => "ClientIPAddress"
  }
}
```
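To see what the grok and date filters in that config actually do to a log line, here is an added example (written for this thread, not code from the poster or from Logstash) that expands the same match pattern into a plain Python regex, runs it over constructed Apache access-log lines, and applies the same timestamp conversion. The grok base patterns in `GROK_PATTERNS` are simplified transcriptions, not the exact definitions shipped with Logstash; the log lines are constructed; and the pattern has two small adjustments, `bytes:int` in place of `bytesint` and `referrer` in place of `aaa`.

```python
import re
from datetime import datetime, timezone

# Simplified transcriptions of the grok base patterns the filter relies on
# (approximations written for this example, not Logstash's exact definitions).
# %{NAME} references are expanded recursively by compile_grok().
GROK_PATTERNS = {
    "IPV4": r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)",
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(?:\.?|\b)",
    "IPORHOST": r"(?:%{IPV4}|%{HOSTNAME})",
    "USER": r"[a-zA-Z0-9._-]+",
    "INT": r"[+-]?[0-9]+",
    "NUMBER": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?|\.[0-9]+)",
    "WORD": r"\b\w+\b",
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "YEAR": r"(?:\d\d){1,2}",
    "TIME": r"(?:2[0-3]|[01]?[0-9]):[0-5][0-9]:[0-5][0-9]",
    "HTTPDATE": r"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}",
    "URIPATH": r"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\-]*)+",
    "URIPARAM": r"\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]<>]*",
    "URIPATHPARAM": r"%{URIPATH}(?:%{URIPARAM})?",
    "QS": r'"(?:[^"\\]|\\.)*"',
}

# The match pattern from the post, with bytes typed as :int and "aaa" renamed to referrer.
APACHE_PATTERN = (
    r'%{IPORHOST:ClientIPAddress} %{USER:userID} %{USER:Authorization} '
    r'\[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:versionnumber}" '
    r'%{NUMBER:response:int} %{NUMBER:bytes:int} %{QS:referrer} %{QS:agent}'
)

# Matches %{PATTERN}, %{PATTERN:field} and %{PATTERN:field:type}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?(?::(int|float))?\}")
CASTS = {"int": int, "float": float}


def compile_grok(pattern, library=GROK_PATTERNS):
    """Expand grok references into one regex with named groups; also return {field: type}."""
    field_types = {}

    def expand(text):
        def replace(m):
            name, field, typ = m.groups()
            body = expand(library[name])  # patterns may reference other patterns
            if field is None:
                return f"(?:{body})"
            if typ:
                field_types[field] = typ
            return f"(?P<{field}>{body})"
        return GROK_REF.sub(replace, text)

    return re.compile(expand(pattern)), field_types


def grok_filter(event, compiled, field_types):
    """Like the grok filter: add captured fields, or tag the event when nothing matches."""
    m = compiled.search(event["message"])  # grok is unanchored unless the pattern starts with ^
    if m is None:
        event.setdefault("tags", []).append("_grokparsefailure")
        return event
    for field, value in m.groupdict().items():
        event[field] = CASTS.get(field_types.get(field), str)(value)
    return event


def date_filter(event, field="timestamp", fmt="%d/%b/%Y:%H:%M:%S %z"):
    """Like the date filter: convert the Apache timestamp to a UTC @timestamp, tag on failure."""
    if field not in event:
        return event
    try:
        parsed = datetime.strptime(event[field], fmt)
    except ValueError:
        event.setdefault("tags", []).append("_dateparsefailure")
        return event
    event["@timestamp"] = parsed.astimezone(timezone.utc).isoformat()
    return event


# Constructed sample lines (RFC 5737 documentation addresses); the third is deliberately
# not an access-log line, to show the _grokparsefailure tag a pipeline should alert on.
SAMPLE_LINES = [
    '203.0.113.42 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 '
    '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"',
    '198.51.100.7 - - [12/Mar/2018:08:01:02 +0000] "POST /login?next=%2Fadmin HTTP/1.1" 404 512 '
    '"-" "curl/7.58.0"',
    "this line is not an access log entry",
]


def run_pipeline(lines=SAMPLE_LINES, pattern=APACHE_PATTERN):
    """Push each line through grok and then date, returning the resulting events."""
    compiled, field_types = compile_grok(pattern)
    events = []
    for line in lines:
        event = {"message": line}
        grok_filter(event, compiled, field_types)
        date_filter(event)
        events.append(event)
    return events


if __name__ == "__main__":
    for event in run_pipeline():
        print(event)
```

Running it prints one dict per line: the first two carry `response` and `bytes` as integers (that is what `:int` buys you; without it the value stays a string and Kibana cannot aggregate on it), a UTC `@timestamp`, and the quoted `referrer`/`agent` strings exactly as `QS` captures them, quotes included; the third comes back untouched except for `tags: ["_grokparsefailure"]`, which is the signal to watch for when a pattern silently stops matching a log format.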