Unable to write grok filter for access.log


I have an access.log for which i need grok filter to ingest logs to logstash. I have passing the grok filter in logstash.conf.

Access.log: - - [16/May/2021:23:40:32 -0400] [https-jsse-nio-8443-exe-40] 372bcb7832464258b3fb3bfc8324053 "GET /api/v3/projects/1103/test-runs?parentType=test-suit&parentID=null HTTP/1.1" 200 240 26

Grok filter didn't work:
grok { match =>["message","%{COMBINEDAPACHELOG}"]}

Ipsita Dash

COMBINEDAPACHELOG expects useragent and referer fields to be present. Your log format looks like HTTPD_COMMONLOG.

It showed compile error

Actually your format is not HTTPD_COMMONLOG either. You will need a custom pattern. You can use the examples I linked to as a starting point.

Can't find out the example linked. Can you please relink it again?

The httpd related patterns are here.

Thank you, i will go through it.

I too have a same issue. Great update thank you for fixing this issue

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.