updated grok pattern
Kritika Kritika authored and Kritika Kritika committed Jan 12, 2024
1 parent 78897d8 commit 52b504d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions config/processors/syslog_audit_a10.proxy.conf
@@ -28,7 +28,7 @@ filter {
}
grok {
tag_on_failure => "_parsefailure_body2"
match => { "actual_msg" => "^((?<[month]>.*?)(\s)? (?<[date]>.*?) (?<[time]>.*?) (?<[host][hostname]>.*?) (?<[process][name]>.*?)\: \[(?<[event][provider]>.*?)\]\<(?<[log][syslog][severity][code]>.*?)\>)?(?<[event][type]>.*?):(?<[user_agent][original]>.*)(\, (?<[url][path]>.*?)(\] (?<[source][ip]>.*?)))?$" }
match => { "actual_msg" => "^((?<[month]>.*?)(\s)? (?<[date]>.*?) (?<[time]>.*?) (?<[host][hostname]>.*?) (?<[process][name]>.*?)\: \[(?<[event][provider]>.*?)\]\<(?<[log][syslog][severity][code]>.*?)\>)?(?<[event][type]>.*?):(?<[user_agent][original]>.*?)(\, (?<[url][path]>\S*)(\] (?<[source][ip]>.*?)))?$" }
timeout_millis => 500
}
if [month] and [date] and [time] {
@@ -89,7 +89,7 @@ filter {
}
}
mutate {
remove_field => [ "actual_msg", "month", "date", "time" ]
remove_field => ["actual_msg", "month", "date", "time" ]
}
}
output {
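Review bot: In the `match` line that uses `\S*` for `[url][path]` (the second of the two printed, presumably the new side), `(?<[source][ip]>.*?)` still accepts any text up to `$`, and with `[user_agent][original]` lazy the split is taken at the first `, <token>] ` sequence found in the message. If the user-agent text is client-supplied (the field name suggests so, but the A10 log format is not visible here), a client can influence what ends up in `[url][path]` and `[source][ip]` of the audit event. Constraining the last capture to an address, e.g. `(\] %{IP:[source][ip]})`, lets the match settle only on a delimiter that is actually followed by an IP. A comment above the `grok` with one sample line the pattern is meant to match would make later pattern changes reviewable; the enclosing `filter {` block starts outside the hunk.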
