Parsing Logstash grok-Apache访问日志
我想解析我的apache访问日志,但我猜我的grok模式中有问题 以下是我想分析的日志Parsing Logstash grok-Apache访问日志,parsing,logstash,logstash-grok,Parsing,Logstash,Logstash Grok,我想解析我的apache访问日志,但我猜我的grok模式中有问题 以下是我想分析的日志 "message": "221.251.246.139 - - [14/Sep/2020:04:56:04 +0000] \"POST /services/api/agent/liveview_image_upload HTTP/1.1\" 200 45 \"-\" \"Mozilla/5.0 (Windows NT 10.0;
"message": "221.251.246.139 - - [14/Sep/2020:04:56:04 +0000] \"POST /services/api/agent/liveview_image_upload HTTP/1.1\" 200 45 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko\" 6019 234 1618 \"-\""
%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})) %{NUMBER:response} (?:%{NUMBER:bytes})
我怎样才能解析其余的?到目前为止,我所做的事情是否正确?您可以使用
%{HTTPD_COMMONLOG}%{IPORHOST:clientip}%{HTTPDUSER:ident}%{HTTPDUSER:auth}\[%{HTTPDATE:timestamp}\]“(?:%{WORD verb}%{NOTSPACE request}:HTTP/%{NUMBER:httpversion})?%{DATA:rawrequest}(?:-{(?:-|%{NUMBER:bytes})%{HTTPD_COMMONLOG}