Offline
(Chris Edwards)
1
First time using an extractor. This log file is from AWS ALB log files. Any help being pointed in the right direction would be very helpful.
https 2020-08-24T18:04:57.668020Z app/123456/60edf343434 40.11.214.111:11504 10.97.11.23:8998 0.024 0.026 0.000 200 200 96 205 "GET https://eu2.httpgw.api.blah.com:443/ClientDR/ClientDR?UN=complfdfcofdfun&P=ZKT5Nhhz HTTP/1.1" "-" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:eu-west-1:170623333325:targetgroup/vdd-rdb/b4e1e9 "Root=1-5f440149-5dwwww1d5c880ec" "eu2.httpgw.api.blah.com" "arn:aws:acm:eu-west-1:170622225025:certificate/cd3asdfe-4a1f-48bb-ac3f-b34asdffd9" 101 2020-08-24T18:04:57.618000Z "forward" "-" "-" "10.99.11.23:8988" "200" "-" "-"
Thanks,
Chris
Hey @Offline, welcome!
What are you trying to accomplish?
Offline
(Chris Edwards)
3
I figured it out. I was trying to match AWS ALB's for graylog. Here is what I came up with that seems to work.
%{NOTSPACE:request_type} %{NOTSPACE:log_timestamp} %{NOTSPACE:alb-name} %{NOTSPACE:client} %{NOTSPACE:target} %{NOTSPACE:request_processing_time:float} %{NOTSPACE:target_processing_time:float} %{NOTSPACE:response_processing_time:float} %{NOTSPACE:elb_status_code} %{NOTSPACE:target_status_code:int} %{NOTSPACE:received_bytes:float} %{NOTSPACE:sent_bytes:float} %{QUOTEDSTRING:request} %{QUOTEDSTRING:user_agent} %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol} %{NOTSPACE:target_group_arn} %{QUOTEDSTRING:trace_id} "%{DATA:domain_name}" "%{DATA:chosen_cert_arn}" %{NOTSPACE:matched_rule_priority:int} %{NOTSPACE:request_creation_time} "%{DATA:actions_executed}" "%{DATA:redirect_url}" "%{DATA:error_reason}" "%{NOTSPACE:target_port_list}" "%{NOTSPACE:target_status_code_list}" "%{NOTSPACE:classification}" "%{NOTSPACE:classification_reason}"
1 Like
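The same field split as the pattern above, written as a small Python parser; this is an added example, not part of the original post or of Graylog. It goes one step beyond the pattern by mapping the `-` placeholder to `None` before numeric conversion (ALB writes `-` for `target_status_code` and `-1` for the processing times when no target responded) and by stripping the surrounding quotes from quoted fields. The name `parse_alb_line` and the sample line are assumptions made for illustration.

```python
import re

# Field names and order follow the grok pattern in the post above.
FIELDS = (
    "request_type log_timestamp alb-name client target "
    "request_processing_time target_processing_time response_processing_time "
    "elb_status_code target_status_code received_bytes sent_bytes request "
    "user_agent ssl_cipher ssl_protocol target_group_arn trace_id domain_name "
    "chosen_cert_arn matched_rule_priority request_creation_time "
    "actions_executed redirect_url error_reason target_port_list "
    "target_status_code_list classification classification_reason"
).split()
# Same conversions as the :float / :int suffixes in the pattern.
FLOATS = {"request_processing_time", "target_processing_time",
          "response_processing_time", "received_bytes", "sent_bytes"}
INTS = {"target_status_code", "matched_rule_priority"}

# A token is a double-quoted string (may contain spaces) or a run of non-spaces.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_alb_line(line):
    """Split one ALB access log line into a dict; '-' placeholders become None."""
    tokens = [q if bare == "" else bare for q, bare in TOKEN.findall(line)]
    if len(tokens) < len(FIELDS):  # extra trailing fields are ignored
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    record = {}
    for name, raw in zip(FIELDS, tokens):
        if raw == "-":
            record[name] = None  # field not set for this request
        elif name in FLOATS:
            record[name] = float(raw)
        elif name in INTS:
            record[name] = int(raw)
        else:
            record[name] = raw
    return record

# Constructed sample (not from a real load balancer): no target was reached,
# so the target fields are '-' and the processing times are -1.
SAMPLE = (
    'https 2020-08-24T18:05:01.000000Z app/123456/60edf343434 '
    '40.11.214.111:11504 - -1 -1 -1 503 - 96 205 '
    '"GET https://example.invalid:443/health HTTP/1.1" "-" '
    'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 - "Root=1-constructed" '
    '"example.invalid" "-" 0 2020-08-24T18:05:00.990000Z '
    '"-" "-" "-" "-" "-" "-" "-"'
)
```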
Nice, glad you got it working and thanks for sharing your solution!