On Monday, August 18, 2014 9:57:41 AM UTC-4, Kevin M wrote:
>
> Could someone help me write a grok filter for this log real quick? Here is 
> what the log looks like:
>
>
> Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username [18/Aug/2014:09:40:39 -0400] "GET /right.cgi?open=system&open=status HTTP/1.1" 200 3228
>
> here is what I have so far:
>
> match => [ "message", "%{SYSLOGTIMESTAMP:timestamp} %{WORD:Server} 
> webmin_log: %{IP:IP_Address} - %{USERNAME:username} *[ stuck at this 
> middle part [18/Aug/2014:09:40:39 -0400] *] "%{WORD:method} 
> %{URIPATHPARAM:request} HTTP/1.1 %{NUMBER:bytes} %{NUMBER:duration}
>
 
It is just a sequence of regular expressions catching fields one by one. 
Look, e.g., at my post.
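
The field-by-field approach described in the reply, as an added example that is not part of the original thread: a grok expression for the Webmin line from the question, checked with a small Python expander. The regexes in `PATTERNS` are simplified stand-ins for the stock grok patterns of the same names, and the field names are assumptions.

```python
import re

# Simplified stand-ins for the stock grok patterns named below (assumption:
# the real Logstash definitions are stricter; these are enough for this line).
PATTERNS = {
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "HOSTNAME": r"[A-Za-z0-9][A-Za-z0-9.-]*",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "USER": r"[A-Za-z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "NUMBER": r"\d+(?:\.\d+)?",
}

# Grok expression for the webmin line. The literal [ and ] around the
# HTTP date are backslash-escaped, since grok treats them as regex syntax.
# The last two numbers are read as status and size, as in common log
# format (assumption; the question labels them bytes and duration).
WEBMIN_GROK = (
    r'%{SYSLOGTIMESTAMP:syslog_time} %{HOSTNAME:server} webmin_log: '
    r'%{IP:client_ip} - %{USER:username} \[%{HTTPDATE:request_time}\] '
    r'"%{WORD:method} %{NOTSPACE:request} HTTP/%{NUMBER:http_version}" '
    r'%{NUMBER:status} %{NUMBER:bytes}'
)

def grok_to_regex(expr):
    """Expand each %{NAME:field} into a named capture group."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), PATTERNS[m.group(1)])
    return re.compile("^" + re.sub(r"%\{(\w+):(\w+)\}", expand, expr) + "$")

def parse(line):
    """Return the captured fields, or None for a line that does not match."""
    m = grok_to_regex(WEBMIN_GROK).match(line)
    return m.groupdict() if m else None

# Sample line from the question, joined back onto one line.
SAMPLE = ('Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username '
          '[18/Aug/2014:09:40:39 -0400] "GET /right.cgi?open=system&open=status '
          'HTTP/1.1" 200 3228')

if __name__ == "__main__":
    print(parse(SAMPLE))
```

The `WEBMIN_GROK` string is the part that would go into the Logstash `match` setting; a line that fails to match returns `None` here, where Logstash would tag the event `_grokparsefailure`.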
