What pattern should I use to capture Apache vhost entries in Logstash?

Time: 2016-09-03 13:27:22

Tags: logstash logstash-grok

I'm trying to capture the following in a logstash grok command:

    www.example.com:443 41.177.65.213 - - [03/Sep/2016:15:05:49 +0200] "GET /feed/history?symbol=GGI&resolution=D&from=1472043948&to=1472907948 HTTP/1.1" 200 1337 "https://www.example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"

I tried:

    grok {
      match => { "message" => "%{HOSTNAME:vhost}\:%{NUMBER:port} %{COMBINEDAPACHELOG}" }
    }

But it doesn't seem to work.

1 answer:

Answer 0 (score: 0)

Managed it:

    grok {
      # The quoted request and the response, bytes and referrer fields are included so that the
      # whole line from the question matches; they mirror COMBINEDAPACHELOG from logstash-patterns-core.
      match => { "message" => "%{HOSTNAME:vhost}:%{NUMBER:port} %{IPORHOST:clientip} - - \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}" }
    }

A bit much, I know. I used the github patterns resource.
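To check what the vhost-prefixed pattern captures from the question's log line without starting Logstash, here is an added Python example (not part of the original post, and not Logstash's own grok implementation). The pattern table holds my own condensed rewrites of the logstash-patterns-core definitions (atomic groups and look-behinds dropped, since Python's `re` treats them differently), and `grok_to_regex`, `parse_vhost_line`, `VHOST_PATTERN` and `SAMPLE_LINE` are names chosen for this example; the sample line is the question's log entry re-joined onto one line.

```python
import re

# Simplified re-implementations of the grok patterns the answer relies on.
# They keep the shape of the logstash-patterns-core definitions but are not verbatim copies.
GROK_PATTERNS = {
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*\.?",
    "IPV4": r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9]{1,2})\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9]{1,2})",
    "IPORHOST": r"(?:%{IPV4}|%{HOSTNAME})",
    "NUMBER": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?|\.[0-9]+)",
    "INT": r"[+-]?[0-9]+",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "YEAR": r"(?:\d\d){1,2}",
    "TIME": r"(?:[01]?[0-9]|2[0-3]):[0-5][0-9](?::[0-5][0-9](?:[:.,][0-9]+)?)?",
    "HTTPDATE": r"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "QS": r'"(?:[^"\\]|\\.)*"',
}

# Matches a grok reference such as %{HOSTNAME:vhost} or %{MONTH} (no field name).
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern):
    """Expand %{NAME:field} references recursively into a Python regex with named groups."""
    def repl(m):
        name, field = m.group(1), m.group(2)
        inner = grok_to_regex(GROK_PATTERNS[name])
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(repl, pattern)


# The vhost:port prefix followed by the combined-log fields; anchored so a partial match
# cannot silently shift a field (the unanchored DATA branch would otherwise swallow text).
VHOST_PATTERN = (
    r"^%{HOSTNAME:vhost}:%{NUMBER:port} %{IPORHOST:clientip} - - "
    r"\[%{HTTPDATE:timestamp}\] "
    r'"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" '
    r"%{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}$"
)
VHOST_REGEX = re.compile(grok_to_regex(VHOST_PATTERN))


def parse_vhost_line(line):
    """Return the captured fields for one access-log line, or None if it does not match."""
    m = VHOST_REGEX.match(line)
    if m is None:
        return None
    # Drop the alternation branch that did not take part (rawrequest, or verb/request/httpversion).
    return {k: v for k, v in m.groupdict().items() if v is not None}


# Constructed sample: the question's log entry re-joined onto a single line.
SAMPLE_LINE = (
    'www.example.com:443 41.177.65.213 - - [03/Sep/2016:15:05:49 +0200] '
    '"GET /feed/history?symbol=GGI&resolution=D&from=1472043948&to=1472907948 HTTP/1.1" '
    '200 1337 "https://www.example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) '
    'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"'
)

if __name__ == "__main__":
    for key, value in parse_vhost_line(SAMPLE_LINE).items():
        print(f"{key:12} {value}")
```

Running the script prints each captured field on its own line, which is the quickest way to see that `vhost` and `port` come out separately from `clientip` before the same pattern is pasted into a grok `match`. A line without the leading `host:port` prefix returns `None`, which is the case the plain `%{COMBINEDAPACHELOG}` pattern was written for.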