red888
(red der)
February 22, 2018, 11:27pm
1
I'm using the useragent plugin in my Logstash pipeline:

    useragent {
      prefix => "userAgent_"
      source => "userAgent"
    }

But it's not getting the ELB healthcheck user agent.
Here is an example log line:
2018-02-22 14:53:31 W3SVC2 myserver 1.1.1.1 GET /index.html - 7777 - 2.2.2.2 HTTP/1.1 ELB-HealthChecker/1.0 - - 1.1.1.1:7777 200 0 0 310 124 2 - - -
So ELB-HealthChecker/1.0 is showing up in Kibana as "other".
Can I work around this or add a custom agent if the plugin doesn't have it? I'd really like this to show up as the ELB healthcheck in Kibana.
Thanks for any help!
Have a look at the plugin's regexes option.
red888
(red der)
February 23, 2018, 7:57pm
3
Wow, I'm looking at: https://github.com/ua-parser/uap-core/blob/master/regexes.yaml
I've decided to just drop lines with this user agent, but in the future I guess I could just send a pull request to add it?
red888
(red der)
February 26, 2018, 12:03am
4
Is there a way to just add a regex without creating my own version of the regexes.yaml file?
Maybe I could just mutate this.
I think you'll have to supply your own copy of the file.
red888
(red der)
February 26, 2018, 11:04pm
6
Mutate it is! I have 3 custom user agents; hopefully 3 mutate calls won't slow things down in my Logstash pipeline.
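One way to write the mutate workaround settled on above, as an added example that is not from the thread or from the plugin's own documentation. It assumes this plugin version writes the agent family to `userAgent_name` and uses `Other` when no regex matches; the `healthcheck` tag name is hypothetical.

```logstash
filter {
  useragent {
    source => "userAgent"
    prefix => "userAgent_"
  }

  # Only look at events the plugin could not classify, so the extra regex
  # checks run on a small share of traffic rather than on every event.
  # Assumption: the unmatched family value is "Other"; adjust if your
  # plugin version reports it differently.
  if [userAgent_name] == "Other" {
    # Matches the agent from the sample log line: ELB-HealthChecker/1.0
    if [userAgent] =~ /^ELB-HealthChecker/ {
      mutate {
        replace => { "userAgent_name" => "ELB-HealthChecker" }
        add_tag => [ "healthcheck" ]   # hypothetical tag name
      }
    }
    # Further custom agents go here as "else if" branches, one pattern each.
  }

  # Optional: drop load balancer probes instead of indexing them.
  # if "healthcheck" in [tags] {
  #   drop { }
  # }
}
```

Anchoring the pattern with `^` keeps a client from being relabelled as the health checker just by including the string somewhere later in its User-Agent header.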