From 63213c0e2317bcd3fe934d6481db5d900d431901 Mon Sep 17 00:00:00 2001
From: Laurie Fisher
Date: Tue, 29 Aug 2023 17:54:40 +0100
Subject: [PATCH] Improve grok pattern matching for apache logs

Apache grok pattern updated to match the size of response in bytes, the time taken to serve the request and the user-agent that made the request.

Change-Id: I8ce6e6e10bbf55ef8aa21f983f4a6c4b6dc24402
---
 .../roles/common/templates/conf/format/apache_access.conf.j2 | 2 +-
 .../notes/improve-apache-grok-pattern-47b0bcd90f464d60.yaml | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/improve-apache-grok-pattern-47b0bcd90f464d60.yaml

diff --git a/ansible/roles/common/templates/conf/format/apache_access.conf.j2 b/ansible/roles/common/templates/conf/format/apache_access.conf.j2
index bef2c4eeb4..ba12c6695d 100644
--- a/ansible/roles/common/templates/conf/format/apache_access.conf.j2
+++ b/ansible/roles/common/templates/conf/format/apache_access.conf.j2
@@ -4,7 +4,7 @@
 key_name Payload
 @type grok
- grok_pattern \[%{HTTPDATE:Timestamp}\] "(?:%{WORD:http_method} %{NOTSPACE:http_url}(?: HTTP/%{NUMBER:http_version})?|%{DATA:rawrequest})" %{NUMBER:http_status} (?:\d+|-)
+ grok_pattern \[%{HTTPDATE:Timestamp}\] "(?:%{WORD:http_method} %{NOTSPACE:http_url}(?: HTTP/%{NUMBER:http_version})?|%{DATA:rawrequest})" %{NUMBER:http_status} (?:%{NUMBER:http_bytes}|-) (?:%{NUMBER:http_response_time_us}|-) "%{DATA:referrer}" "%{DATA:agent}"
 time_key Timestamp
 time_format %d/%b/%Y:%H:%M:%S %z
 keep_time_key true
diff --git a/releasenotes/notes/improve-apache-grok-pattern-47b0bcd90f464d60.yaml b/releasenotes/notes/improve-apache-grok-pattern-47b0bcd90f464d60.yaml
new file mode 100644
index 0000000000..b0b08fe821
--- /dev/null
+++ b/releasenotes/notes/improve-apache-grok-pattern-47b0bcd90f464d60.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Updates apache grok pattern to match the size of response in bytes,
+ time taken to serve the request and user agent.
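Review bot: The new trailing `"%{DATA:agent}"` in the `grok_pattern` line is non-greedy and the pattern has no end anchor, so `agent` stops at the first double quote it meets; Apache writes a quote inside a logged header as `\"`, so a client-supplied User-Agent that contains a quote would be stored truncated in the parsed field. If the user agent is the last field of the access log format (the LogFormat is not visible in this patch), ending the pattern with `"%{DATA:agent}"$` makes the capture run to the real closing quote. Separately, the old pattern matched any line up to the byte count, whereas the new one also requires the response time, referrer and agent, so lines written in a shorter format would stop parsing. It is worth confirming how the enclosing filter, which starts and ends outside this hunk, handles records that fail to match, so that they are surfaced rather than silently lost.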