What pattern should I use to catch Apache vhost items in Logstash?
I am trying to capture the following in a Logstash grok command:
www.example.com:443 41.177.65.213 - - [03/Sep/2016:15:05:49 +0200] "GET /feed/history?symbol=GGI&resolution=D&from=1472043948&to=1472907948 HTTP/1.1" 200 1337 "https://www.example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
I tried:
grok {
match => { "message" => "%{HOSTNAME:vhost}\:%{NUMBER:port} %{COMBINEDAPACHELOG}" }
}
But it doesn't seem to work.
Managed it:
grok {
match => { "message" => "%{HOSTNAME:vhost}:%{NUMBER:port} %{IPORHOST:clientip} - - \[%{HTTPDATE:timestamp}\] (?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest}) %{QS:agent}" }
}
It's a bit much, I know. I used this GitHub patterns resource.
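An added example, not part of the original question or answer: an offline Python check of the vhost-prefixed combined log layout against the sample line above, useful for confirming which fields a pattern captures before deploying it. The regexes are simplified stand-ins for the grok patterns named in the comments (an assumption, not the definitions shipped with Logstash), and the second log line is constructed to exercise the `rawrequest` fallback.

```python
import re
from datetime import datetime

QUOTED = r'(?:[^"\\]|\\.)*'   # body of a quoted field; Apache escapes " as \"

# Simplified stand-ins for the grok patterns named on the right (assumptions).
VHOST_COMBINED = re.compile(
    r'^(?P<vhost>[A-Za-z0-9.-]+):(?P<port>\d{1,5}) '      # HOSTNAME ":" NUMBER
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '    # IPORHOST, then "- -"
    r'\[(?P<timestamp>[^\]]+)\] '                         # HTTPDATE
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)'              # WORD NOTSPACE
    r'(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>' + QUOTED + r'))" '                # DATA fallback
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')"$'
)

def parse_vhost_line(line):
    """Return a dict of fields, or None where grok would tag _grokparsefailure."""
    m = VHOST_COMBINED.match(line.strip())
    if m is None:
        return None
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    event["port"] = int(event["port"])
    event["response"] = int(event["response"])
    event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
    event["@timestamp"] = datetime.strptime(event["timestamp"],
                                            "%d/%b/%Y:%H:%M:%S %z")
    return event

# The sample line from the question, joined back onto one line.
SAMPLE = ('www.example.com:443 41.177.65.213 - - [03/Sep/2016:15:05:49 +0200] '
          '"GET /feed/history?symbol=GGI&resolution=D&from=1472043948'
          '&to=1472907948 HTTP/1.1" 200 1337 "https://www.example.com" '
          '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
          '(KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"')

# Constructed line: a non-HTTP request, which must land in rawrequest.
BAD_REQUEST = (r'www.example.com:443 203.0.113.7 - - '
               r'[03/Sep/2016:15:06:01 +0200] "\x16\x03\x01" 400 226 "-" "-"')

if __name__ == "__main__":
    for line in (SAMPLE, BAD_REQUEST, "not an access log line"):
        print(parse_vhost_line(line))
```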