Monday, 21 December 2020

LOGSTASH GROK PARSING

We are loading access log data into Elasticsearch using Logstash. The log file data looks like below.

2020-12-14 05:19:27.441 10.20.20.198 - narayana.sathya [14/Dec/2020:05:19:27 +0000] "GET /zoomdata/api/groups/5c9349a029a3fa0700a243ae HTTP/1.1" 200 5552 "https://ift.tt/3h98wK9" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60" 315

Could anybody help me get a GROK pattern for the above file? I have written the below GROK pattern in the Logstash configuration file but am getting an error.

grok { match => [ "message", "%{DATESTAMP_12H:timestamp} %{NUMBER:ip} %{WORD:user} %{DATESTAMP_12H:timestamp} %{WORD:api_details} %{NUMBER:responce_type} %{NUMBER:type} %{WORD:dashbaord} %{GREEDYDATA:daemon_message}" ] }
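As an added example that is not part of the original post, the following Python code is a regex equivalent of a corrected grok pattern for the log line above (the grok form is given in a comment), with a parse-failure counter so that events Logstash would tag _grokparsefailure do not vanish from detection unnoticed. The field names and the second, malformed sample line are assumptions constructed for the example.

```python
import re
from typing import Optional

# Regex equivalent of a corrected grok pattern for the access-log line in the post.
# Grok form for the Logstash filter (field names are this example's choice):
#   %{TIMESTAMP_ISO8601:app_timestamp} %{IPORHOST:clientip} - %{USERNAME:user}
#   \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}"
#   %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent} %{NUMBER:duration}
# Where the posted pattern breaks: NUMBER cannot match a dotted IP, WORD cannot match
# "narayana.sathya", DATESTAMP_12H matches neither timestamp, and the literal "-" and the
# three double-quoted fields are not accounted for, so every event fails to parse.
ACCESS_LOG_RE = re.compile(
    r"^(?P<app_timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"(?P<clientip>\S+) - (?P<user>[a-zA-Z0-9._-]+) "
    r"\[(?P<timestamp>[^\]]+)\] "
    r'"(?P<verb>\w+) (?P<request>\S+) HTTP/(?P<httpversion>\d+\.\d+)" '
    r"(?P<response>\d+) (?P<bytes>\d+|-) "
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)" '
    r"(?P<duration>\d+)$"
)

def parse_access_line(line: str) -> Optional[dict]:
    """Return the parsed fields, or None where Logstash would tag _grokparsefailure."""
    m = ACCESS_LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    event = m.groupdict()
    for key in ("response", "duration"):
        event[key] = int(event[key])
    event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
    return event

def parse_access_log(lines):
    """Parse every line and count failures so silently dropped events stay visible."""
    events, failures = [], 0
    for line in lines:
        event = parse_access_line(line)
        if event is None:
            failures += 1
        else:
            events.append(event)
    return events, failures

# The first line is the one from the post; the second is a constructed, truncated line.
SAMPLE_LINES = [
    '2020-12-14 05:19:27.441 10.20.20.198 - narayana.sathya [14/Dec/2020:05:19:27 +0000] '
    '"GET /zoomdata/api/groups/5c9349a029a3fa0700a243ae HTTP/1.1" 200 5552 '
    '"https://ift.tt/3h98wK9" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60" 315',
    "2020-12-14 05:19:28.002 10.20.20.198 - narayana.sathya [14/Dec/2020:05:19:28 +0000] ",
]
```

In a Logstash pipeline the same check is done by alerting on the `_grokparsefailure` tag count, since a pattern that never matches produces no error at startup, only unparsed events.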
