I am working with Logstash and I need to format my log file splitting each field.
The log has next format:
info: ::ffff:127.0.0.1 - ::ffff:127.0.0.1 [26/Jun/2019:11:52:36 +0000] "OPTIONS /api/categories/5ced18e2a0c9a01e879ce704 HTTP/1.1" 200 19 - 0.652
info: ::ffff:127.0.0.1 - - [26/Jun/2019:11:52:36 +0000] "GET /api/categories/5ced18e2a0c9a01e879ce704 HTTP/1.1" 304 - - 12.156
info: ::ffff:127.0.0.1 ::ffff:127.0.0.1 - [26/Jun/2019:11:52:36 +0000] "OPTIONS /api/twitter/5ced18e2a0c9a01e879ce704/1561463556535-1561549956535?from=0&size=10&orderType=desc&order=date&aggregations=true&timeSeriesInterval=1h HTTP/1.1" 200 8 - 0.874
error: ::ffff:127.0.0.1 ::ffff:127.0.0.1 ::ffff:127.0.0.1 [26/Jun/2019:11:52:36 +0000] "GET /api/twitter/5ced18e2a0c9a01e879ce704/1561463556535-1561549956535?from=0&size=10&orderType=desc&order=date&aggregations=true&timeSeriesInterval=1h HTTP/1.1" 400 43 - 9.044
This is the filter that I have been aplied for it in Logstash:
filter {
grok {
match => { "message" => "%{WORD:type}: %{IP:ipclient} - %{IP:ipuser} [%{HTTPDATE:datetime}] \"%{WORD:method} %{URIPATHPARAM:request} %{WORD:httpversion}\" %{WORD:status} %{NUMBER:bytes} - %{NUMBER:responsetime}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
add_field => [ "funcionaaaaaa", "ohoohoooh_yeeeeeeeeeeeeeeeeeeees" ]
}
date {
match => [ "timestamp" , "dd/MM/yyyy - HH:mm:ss" ]
}
}
But this filter does not recognoise my log structure.
Any idea which pattern should solve the problem?.
Thank you.
Aucun commentaire:
Enregistrer un commentaire