-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathapache_combined.yaml
More file actions
48 lines (47 loc) · 1.42 KB
/
apache_combined.yaml
File metadata and controls
48 lines (47 loc) · 1.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
version: 0.0.1
title: Apache Combined
description: Log parser for Apache combined format
parameters:
- name: log_path
label: Log Path
description: Path to apache combined formatted log file
type: string
default: "/var/log/apache_combined.log"
required: true
- name: start_at
label: Start At
description: Start reading file from 'beginning' or 'end'
type: enum
valid_values:
- beginning
- end
default: end
# Set Defaults
#{{$log_path := default "/var/log/apache_combined.log" .log_path}}
#{{$start_at := default "end" .start_at}}
pipeline:
- id: log_reader
type: file_input
include:
- {{ $log_path }}
start_at: {{ $start_at }}
labels:
log_type: 'apache_combined'
plugin_id: {{ .id }}
output: apache_combined_regex_parser
- id: apache_combined_regex_parser
type: regex_parser
regex: '^(?P<remote_addr>[^ ]*) (?P<remote_host>[^ ]*) (?P<remote_user>[^ ]*) \[(?P<time>[^\]]*)\] "(?P<method>\S+) +(?P<path>[^ ]*)( (?P<protocol>[^/]*)/(?P<protocol_version>[^\"]*)|[^\"]*)?" (?P<status>[^ ]*) (?P<body_bytes_sent>[^ ]*) "(?P<http_referer>[^\"]*)" "(?P<http_user_agent>[^\"]*)'
timestamp:
parse_from: time
layout: '%d/%b/%Y:%H:%M:%S %z'
severity:
parse_from: status
preset: none
preserve_to: status
mapping:
info: 2xx
notice: 3xx
warning: 4xx
error: 5xx
output: {{ .output }}