
@konstan
Created January 4, 2017 08:17
Grok pattern for the Restlet log, for use with Logstash
# Grok pattern for a Restlet log entry. Covers only the first 14 of the 16 fields listed below.
#
# 1. Date (YYYY-MM-DD)
# 2. Time (HH:MM:SS)
# 3. Client address (IP)
# 4. Remote user identifier (see RFC 1413)
# 5. Server address (IP)
# 6. Server port
# 7. Method (GET|POST|...)
# 8. Resource reference path (including the leading slash)
# 9. Resource reference query (excluding the leading question mark)
# 10. Response status code
# 11. Number of bytes sent
# 12. Number of bytes received
# 13. Time to serve the request (in milliseconds)
# 14. Host reference
# 15. Client agent name
# 16. Referrer reference
# Pattern:
%{RESTLET_DATE:date}\s+%{TIME:time}\s+%{IP:remote-ip}\s+%{USER:remote-user-id}\s+%{IP:server-ip}\s+%{POSINT:server-port}\s+%{WORD:method}\s+%{URIPATH:resource}\s+%{RESTLET_URIPARAM:query}\s+%{NUMBER:status}\s+%{NUMBER:bytes-sent}\s+%{NUMBER:bytes-received}\s+%{NUMBER:response-time}\s+%{URI:host-ref}
# Additional patterns:
RESTLET_DATE %{YEAR}-%{MONTHNUM}-%{MONTHDAY}
RESTLET_URIPARAM [A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
# For validation go to http://grokconstructor.appspot.com/do/match
# Use this log entry for validation
2017-01-03 10:33:06 127.0.0.1 - 127.0.0.1 80 GET /run/foo/bar/baz abc=&offset=0&limit=20&cde=&activeOnly=1 200 55572 0 2382 http://192.168.40.119 Mozilla/XXX (Macintosh; Intel Mac OS X YYY) AppleWebKit/XXX (KHTML, like Gecko) Chrome/XXX Safari/XXX https://192.168.40.119/resource
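As an added example (not part of the gist), the same pattern expanded into a plain Python regex so the sample entry can be parsed offline without Logstash; it goes one step beyond the gist by also capturing fields 15 and 16 (client agent and referrer), which the grok pattern leaves out. Group names use underscores because Python rejects hyphens in group names, and the IP, NUMBER and URI sub-patterns are simplified relative to the stock grok definitions (IPv4 only, plain integers, scheme://non-space).

```python
import re

# Expansion of the gist's grok pattern into a Python regex (added example, not the gist's own code).
# Simplifications vs. stock grok: IP is IPv4 only, NUMBER is an integer, URI is scheme://non-space.
RESTLET_DATE = r"\d{4}-(?:0?[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01]|[1-9])"   # %{RESTLET_DATE}
IP = r"\d{1,3}(?:\.\d{1,3}){3}"                                             # %{IP}, IPv4 only
URIPATH = r"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\-]*)+"                       # stock %{URIPATH}
RESTLET_URIPARAM = r"[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*"             # %{RESTLET_URIPARAM}

RESTLET_LOG = re.compile(
    rf"^(?P<date>{RESTLET_DATE})\s+(?P<time>\d{{2}}:\d{{2}}:\d{{2}})\s+"
    rf"(?P<remote_ip>{IP})\s+(?P<remote_user_id>[a-zA-Z0-9._-]+)\s+"
    rf"(?P<server_ip>{IP})\s+(?P<server_port>[1-9]\d*)\s+(?P<method>\w+)\s+"
    rf"(?P<resource>{URIPATH})\s+(?P<query>{RESTLET_URIPARAM})\s+"
    r"(?P<status>-?\d+)\s+(?P<bytes_sent>-?\d+)\s+(?P<bytes_received>-?\d+)\s+"
    r"(?P<response_time>-?\d+)\s+(?P<host_ref>[A-Za-z][A-Za-z0-9+.-]*://\S+)"
    # Extension beyond the gist: field 15 (agent, contains spaces) and field 16 (referrer).
    r"(?:\s+(?P<client_agent>.+?)\s+(?P<referrer>\S+))?\s*$"
)

INT_FIELDS = ("server_port", "status", "bytes_sent", "bytes_received", "response_time")


def parse_restlet_line(line):
    """Return the gist's 14 fields (plus client_agent/referrer when present) as a dict, or None."""
    m = RESTLET_LOG.match(line)
    if not m:
        return None
    entry = m.groupdict()
    for name in INT_FIELDS:          # numeric fields become ints so they can be compared/aggregated
        entry[name] = int(entry[name])
    return entry


# The validation entry from the gist.
SAMPLE = ("2017-01-03 10:33:06 127.0.0.1 - 127.0.0.1 80 GET /run/foo/bar/baz "
          "abc=&offset=0&limit=20&cde=&activeOnly=1 200 55572 0 2382 http://192.168.40.119 "
          "Mozilla/XXX (Macintosh; Intel Mac OS X YYY) AppleWebKit/XXX (KHTML, like Gecko) "
          "Chrome/XXX Safari/XXX https://192.168.40.119/resource")

if __name__ == "__main__":
    for key, value in parse_restlet_line(SAMPLE).items():
        print(f"{key:16} {value}")
```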