I am having a log which contains some lines which are entirely different from remaining lines.
could you please help me with, how can i use conditional statement like if under filter conditions
Hi @Vikash_Singh1,
you can use | as an or and it is also possible to make parts optional with ()?
COMMONAPACHELOGMULTICLIENTIP (%{IPORHOST:clientip}(.{1,2})?)+ %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)
E.g. the above pattern ends in an optional field that can be a number or -
Not sure what documentation would be best for info... I'm sure Google knows or maybe just a forum search here.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.