Is there a good grok user group? I need a pattern!

Danny de Waard

Jun 24, 2020, 5:14:30 AM
to Prometheus Users
Prometheus users,

Who of you knows a good grok site/group/knowledge base where I can figure out my pattern?
I cannot figure out how to get my ssl log good in grok.

Example log:
10.4.8.69  servername1.some.nl  - - [24/Jun/2020:10:39:26 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 1014 "-" "-" "Close" "close"
10.4.8.70  servername2.some.nl  - - [24/Jun/2020:10:39:26 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 1905 "-" "-" "Close" "close"
10.251.100.81  servername2.some.nl  - - [24/Jun/2020:10:39:29 +0200] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /some/url/to/see HTTP/1.1" 401 104 3593 "-" "blackbox-monitoring" "close" "close"
10.251.100.81  servername3.some.nl  - - [24/Jun/2020:10:39:31 +0200] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /some/url/to/see HTTP/1.1" 401 104 3915 "-" "blackbox-monitoring" "close" "close"
10.4.8.78  servername.some3.nl  - - [24/Jun/2020:10:39:39 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 2637 "-" "-" "Close" "close"
10.4.8.77  servername.some2.nl  - - [24/Jun/2020:10:39:39 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 971 "-" "-" "Close" "close"
10.4.135.198  servername3.some.nl  - - [24/Jun/2020:10:40:05 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 1452 "-" "-" "Close" "close"
10.4.135.197  servername2.some.nl  - - [24/Jun/2020:10:40:06 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 1859 "-" "-" "Close" "close"
10.251.100.81  servername1.some.nl  - - [24/Jun/2020:10:40:06 +0200] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /some/url/to/see HTTP/1.1" 401 104 3435 "-" "blackbox-monitoring" "close" "close"
10.251.100.81  servername1.some.nl  - - [24/Jun/2020:10:40:07 +0200] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /some/url/to/see HTTP/1.1" 401 104 3381 "-" "blackbox-monitoring" "close" "close"



Christian Hoffmann

Jun 30, 2020, 2:27:30 AM
to Danny de Waard, Prometheus Users
Hi,

On 6/24/20 11:14 AM, Danny de Waard wrote:
> Prometheus users,
>
> Who of you knows a good grok site/group/knowledge base where I can
> figure out my pattern?
> I cannot figure out how to get my ssl log good in grok.

Looks like this is used in Logstash, maybe you can ask there?

https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

Kind regards,
Christian
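
An added example, not part of either post in this thread: a Python regular expression that parses the log format shown in the question and counts lines per status, TLS version and cipher. The field names (`size`, `duration`, `conn_a`, `conn_b`) are assumptions, since the thread does not show the server's log format definition.

```python
import re
from collections import Counter

QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field, tolerating backslash-escaped quotes

# Field names are assumptions: the thread does not show the server's log
# format, so "size" and "duration" are guesses for the values after the status.
FIELDS = ["client_ip", "vhost", "ident", "user", "timestamp", "tls_version",
          "cipher", "request", "status", "size", "duration",
          "referer", "user_agent", "conn_a", "conn_b"]
LINE_RE = re.compile(
    r'^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\[([^\]]+)\]\s+(\S+)\s+(\S+)\s+'
    + QUOTED + r'\s+(\d{3})\s+(\d+|-)\s+(\d+|-)\s+'
    + r'\s+'.join([QUOTED] * 4) + r'\s*$'
)

def parse_line(line):
    """Return a dict of fields, or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    # Split the request line; a malformed request leaves method/path as None.
    parts = rec["request"].split(" ")
    rec["method"], rec["path"], rec["protocol"] = parts if len(parts) == 3 else (None, None, None)
    for key in ("size", "duration"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    rec["status"] = int(rec["status"])
    return rec

def summarize(lines):
    """Count lines per (status, tls_version, cipher); also count unmatched lines."""
    counts, unmatched = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unmatched += 1
        else:
            counts[(rec["status"], rec["tls_version"], rec["cipher"])] += 1
    return counts, unmatched

# First two lines are copied from the question; the third is constructed
# to exercise the no-match path.
SAMPLE = [
    '10.4.8.69  servername1.some.nl  - - [24/Jun/2020:10:39:26 +0200] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "HEAD /some/url/to/see HTTP/1.1" 200 - 1014 "-" "-" "Close" "close"',
    '10.251.100.81  servername2.some.nl  - - [24/Jun/2020:10:39:29 +0200] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /some/url/to/see HTTP/1.1" 401 104 3593 "-" "blackbox-monitoring" "close" "close"',
    'not an access log line',
]
```

Counting the unmatched lines separately shows when the pattern has drifted from the real log format instead of silently dropping entries.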