Can somebody help me to grok this log?
127.0.0.1 - - [21/May/2016:13:43:37 +0200] "GET /images/example.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
This is an Apache log, and grok has a pattern dedicated to it, called COMBINEDAPACHELOG. So your grok can be defined like this:
grok {
match => {"message" => "%{COMBINEDAPACHELOG}"}
}
You will get an event like this:
{
"message" => "127.0.0.1 - - [21/May/2016:13:43:37 +0200] \"GET /images/example.png HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0\" \"-\"",
"@version" => "1",
"@timestamp" => "2016-05-23T07:43:53.439Z",
"host" => "iMac.local",
"clientip" => "127.0.0.1",
"ident" => "-",
"auth" => "-",
"timestamp" => "21/May/2016:13:43:37 +0200",
"verb" => "GET",
"request" => "/images/example.png",
"httpversion" => "1.1",
"response" => "304",
"bytes" => "0",
"referrer" => "\"-\"",
"agent" => "\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0\""
}
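As an added example (not part of the answer above), here is a Python re-implementation of what the COMBINEDAPACHELOG pattern extracts, so the field names in the event above can be checked offline without a Logstash install. The regex mirrors the structure of the grok pattern (COMMONAPACHELOG followed by two QS quoted strings, which is why referrer and agent keep their surrounding quotes), and it is anchored with ^ and $. The first sample line is the asker's; the other three are constructed. normalize() is an added post-processing step standing in for what a mutate/convert and date filter would do downstream, not something the grok filter does by itself.

```python
import re
from datetime import datetime

# Regex mirroring the COMBINEDAPACHELOG grok pattern: %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}.
# Group names match the fields the grok filter emits. Anchored with ^/$ so a non-matching
# line fails fast instead of letting the engine scan for partial matches.
COMBINED_RE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>\d+(?:\.\d+)?))?'
    r'|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?:(?P<bytes>\d+)|-) '          # bytes is absent when Apache logs "-"
    r'(?P<referrer>"(?:[^"\\]|\\.)*") (?P<agent>"(?:[^"\\]|\\.)*")$'
)

# Constructed sample input. Line 0 is the asker's line; lines 1-3 are made up for the example.
SAMPLE_LINES = [
    '127.0.0.1 - - [21/May/2016:13:43:37 +0200] "GET /images/example.png HTTP/1.1" 304 0 "-" '
    '"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"',
    '203.0.113.7 - alice [21/May/2016:13:44:02 +0200] "POST /login HTTP/1.1" 200 512 '
    '"https://example.com/" "curl/7.47.0"',
    '198.51.100.9 - - [21/May/2016:13:45:10 +0200] "GET /favicon.ico HTTP/1.1" 304 - "-" "Mozilla/5.0"',
    'not an apache log line at all',
]


def parse_combined(line):
    """Return the grok-style field dict for one combined log line, or None if it does not match.
    Groups that did not participate (rawrequest, or bytes when logged as "-") are dropped, as grok does."""
    match = COMBINED_RE.match(line.rstrip("\n"))
    if match is None:
        return None
    return {name: value for name, value in match.groupdict().items() if value is not None}


def grok_event(line):
    """Build the event the grok filter would emit: the raw line under "message" plus the captured
    fields, or "tags": ["_grokparsefailure"] when the pattern does not match."""
    event = {"message": line}
    fields = parse_combined(line)
    if fields is None:
        event["tags"] = ["_grokparsefailure"]
    else:
        event.update(fields)
    return event


def normalize(fields):
    """Added post-processing (not part of grok): type the fields the way mutate/convert and a date
    filter would. Ints for response/bytes, quotes stripped from the QS fields, "-" becomes None,
    and the Apache timestamp is rendered as ISO 8601 with its UTC offset preserved."""
    out = dict(fields)
    for key in ("response", "bytes"):
        if key in out:
            out[key] = int(out[key])
    for key in ("referrer", "agent"):
        if key in out:
            unquoted = out[key][1:-1]  # QS keeps the surrounding double quotes; drop them
            out[key] = None if unquoted == "-" else unquoted
    for key in ("ident", "auth"):
        if out.get(key) == "-":
            out[key] = None
    out["timestamp"] = datetime.strptime(out["timestamp"], "%d/%b/%Y:%H:%M:%S %z").isoformat()
    return out


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        event = grok_event(sample)
        if "tags" in event:
            print("PARSE FAILURE:", event["message"])
        else:
            print(normalize(parse_combined(sample)))
```

Two things worth keeping in mind when you move from the example to a real pipeline: grok returns every field as a string (response is "304", not 304), so comparisons and aggregations on status codes or byte counts need a convert step like the one normalize() performs, and the request, referrer and agent fields are attacker-controlled text that the pattern captures verbatim, so treat them as untrusted input downstream. Lines that do not match are not dropped; they are tagged _grokparsefailure and should be watched, because a spike in that tag is often the first sign of a changed log format or of deliberately malformed requests.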