Last active
August 29, 2015 14:02
-
-
Save sebclick/747424f50efb971cb2fd to your computer and use it in GitHub Desktop.
Apache2 common log extractor for Graylog2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "extractors": [ | |
| { | |
| "condition_type": "regex", | |
| "condition_value": "(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 0, | |
| "source_field": "message", | |
| "target_field": "remote_addr", | |
| "title": "Remote Address" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "\"(.*)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 2, | |
| "source_field": "message", | |
| "target_field": "request", | |
| "title": "Request" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "end_index": 3, | |
| "begin_index": 0 | |
| }, | |
| "extractor_type": "substring", | |
| "order": 3, | |
| "source_field": "request", | |
| "target_field": "request_verb", | |
| "title": "Request Verb" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "index": 2, | |
| "split_by": " " | |
| }, | |
| "extractor_type": "split_and_index", | |
| "order": 4, | |
| "source_field": "request", | |
| "target_field": "request_path", | |
| "title": "Request Path" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "index": 3, | |
| "split_by": " " | |
| }, | |
| "extractor_type": "split_and_index", | |
| "order": 5, | |
| "source_field": "request", | |
| "target_field": "http_version", | |
| "title": "HTTP Version" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": " (\\d{3}) \\d+$" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 6, | |
| "source_field": "message", | |
| "target_field": "response_status", | |
| "title": "Response Status" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": " (\\d+)$" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 7, | |
| "source_field": "message", | |
| "target_field": "response_bytes", | |
| "title": "Response Bytes" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": { | |
| "date_format": "dd'/'MMM'/'yyyy':'HH':'mm':'ss Z" | |
| }, | |
| "type": "date" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "\\[(.*)\\]" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 1, | |
| "source_field": "message", | |
| "target_field": "date_request", | |
| "title": "Request Timestamp" | |
| } | |
| ], | |
| "version": "0.20.2" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment