e5d564136b
The message field for these format files wasn't renamed when the input field was renamed. This problem was masked by Monasca which renames the message field back to 'message' for the Fluentd Monasca output plugin. Change-Id: I2674958b1e64efddbca4765fefa55431261648e6 Closes-Bug: #1819168
11 lines
350 B
Django/Jinja
11 lines
350 B
Django/Jinja
<filter apache_access>
|
|
@type parser
|
|
reserve_data true
|
|
format grok
|
|
key_name Payload
|
|
grok_pattern \[%{HTTPDATE:Timestamp}\] "(?:%{WORD:http_method} %{NOTSPACE:http_url}(?: HTTP/%{NUMBER:http_version})?|%{DATA:rawrequest})" %{NUMBER:http_status} (?:\d+|-)
|
|
time_key Timestamp
|
|
time_format %d/%b/%Y:%H:%M:%S %z
|
|
keep_time_key true
|
|
</filter>
|