Hi,
I'm trying to parse some of the fields using Logstash; for this I'm using the grok filter plugin.
This is my sample HTTP log message generated by nginx:
localhost - - [28/Jul/2020:09:11:42 +0000] "GET /_cat/indices HTTP/1.1" 401 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" "-" 0.007 req_body:"-"
And my grok filter configuration is:
# The request must be matched inside its surrounding quotes (escaped as \" in the Logstash config),
# and the body is written as the literal prefix req_body: followed by a quoted string.
match => ["message", "%{IPORHOST:clientip} (?:-|(%{WORD}.%{WORD})) %{USER:ident} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:verb} %{URIPATHPARAM:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent} %{QS:forwarder} %{BASE10NUM:request_duration} req_body:%{QS:req_body}"]
I want to parse out fields like the method, request and request body using Logstash.
How can I accomplish this? Any suggestions would be helpful.
Thanks!
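Added example, not part of the original post or of Logstash itself: the same grok pattern with the two fixes it needs (the `"..."` quotes around the request line, and the literal `req_body:` prefix followed by a quoted string) expanded to plain Python regular expressions so it can be checked offline. The grok definitions below are simplified equivalents of the ones in logstash-patterns-core (Python's `re` has no atomic groups), which is an assumption that holds for this log format but not necessarily for others. The second and third lines in `SAMPLE_LINES` are constructed; they assume nginx's default log escaping, which writes `"` inside `$request_body` as `\x22`, and show the `rawrequest` fallback firing on a non-HTTP request.

```python
import re
from typing import Optional

# Simplified regex equivalents of the grok patterns the filter uses (assumption:
# close enough to logstash-patterns-core for nginx access logs).
GROK = {
    "IPORHOST": r"(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Za-z](?:[0-9A-Za-z-]{0,62})?(?:\.[0-9A-Za-z](?:[0-9A-Za-z-]{0,62})?)*\.?)",
    "USER": r"[a-zA-Z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\b\w+\b",
    "URIPATHPARAM": r"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\-]*)+(?:\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]<>]*)?",
    "NUMBER": r"(?:[+-]?(?:\d+(?:\.\d+)?|\.\d+))",
    "BASE10NUM": r"(?:[+-]?(?:\d+(?:\.\d+)?|\.\d+))",
    "DATA": r".*?",
    # QUOTEDSTRING: double-quoted, backslash escapes allowed, quotes included in the capture
    "QS": r'"(?:[^"\\]*(?:\\.[^"\\]*)*)"',
}

# Corrected pattern. Compared with the post's version: the request line is wrapped in
# the literal quotes nginx writes, and the body is "req_body:" followed by a QS.
NGINX_PATTERN = (
    r"%{IPORHOST:clientip} (?:-|(?:%{WORD}.%{WORD})) %{USER:ident} \[%{HTTPDATE:timestamp}\] "
    r'"(?:%{WORD:verb} %{URIPATHPARAM:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" '
    r"%{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent} %{QS:forwarder} "
    r"%{BASE10NUM:request_duration} req_body:%{QS:req_body}"
)

_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> str:
    """Expand %{NAME:field} into a named group and %{NAME} into a non-capturing group."""
    def repl(m: re.Match) -> str:
        body = GROK[m.group(1)]
        field = m.group(2)
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return _GROK_REF.sub(repl, pattern)


NGINX_RE = re.compile(grok_to_regex(NGINX_PATTERN))


def unescape_nginx(value: str) -> str:
    """Decode nginx's default \\xHH log escaping (used for '"', '\\' and non-printables)."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_nginx_line(line: str) -> Optional[dict]:
    """Return the extracted fields, or None when the line does not match the format.

    fullmatch is stricter than grok (which is unanchored): trailing garbage is rejected
    instead of being silently ignored.
    """
    m = NGINX_RE.fullmatch(line)
    if m is None:
        return None
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    # QS captures keep their surrounding quotes; strip them and decode escapes.
    for name in ("referrer", "agent", "forwarder", "req_body"):
        fields[name] = unescape_nginx(fields[name][1:-1])
    return fields


# Constructed sample input: the post's own line plus two made-up lines.
SAMPLE_LINES = [
    'localhost - - [28/Jul/2020:09:11:42 +0000] "GET /_cat/indices HTTP/1.1" 401 0 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/84.0.4147.89 Safari/537.36" "-" 0.007 req_body:"-"',
    r'10.0.0.5 - - [28/Jul/2020:09:12:03 +0000] "POST /logs-2020.07/_search HTTP/1.1" 200 512 "-" '
    r'"curl/7.68.0" "-" 0.031 req_body:"{\x22query\x22:{\x22match_all\x22:{}}}"',
    # Non-HTTP bytes on the socket: the verb/request alternative fails, rawrequest catches it.
    r'10.0.0.9 - - [28/Jul/2020:09:12:10 +0000] "\x16\x03\x01" 400 0 "-" "-" "-" 0.000 req_body:"-"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        parsed = parse_nginx_line(line)
        print({k: parsed.get(k) for k in ("clientip", "verb", "request", "rawrequest", "response", "req_body")})
```

Expanding the pattern this way is also a quick way to check a grok expression before loading it into Logstash: if `parse_nginx_line` returns `None` for a real line, the corresponding grok match will also fail or, worse, only half-match because grok is unanchored (in the original pattern, `%{WORD:req_body}` matched the literal text `req_body` and everything after it was ignored).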