Description
The pattern ELB_ACCESS_LOG sometimes does not match because of this:
The status code of the response from the target. This value is recorded only if a connection was established to the target and the target sent a response. Otherwise, it is set to -.
I changed %{INT:backend_response:integer} to %{NOTSPACE:backend_response} and it worked.
I also added this at the start: %{NOTSPACE:request_type}
The final pattern looks like this:
ELB_ACCESS_LOG %{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:integer} (?:(%{IP:backendip}:?:%{INT:backendport:integer})|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} %{INT:response:integer} %{NOTSPACE:backend_response} %{INT:received_bytes:integer} %{INT:bytes:integer} "%{ELB_REQUEST_LINE}"
Also, the CLOUDFRONT_ACCESS_LOG parser does not work with the current CloudFront format.
I use this in my custom_pattern_path, and it works for me:
CF_ACCESS_LOG (?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{TIME})\t(?<x_edge_location>\b[\w\-]+\b)\t(?:%{NUMBER:sc_bytes:integer}|-)\t%{IPORHOST:c_ip}\t%{WORD:cs_method}\t%{HOSTNAME:cs_host}\t%{NOTSPACE:cs_uri_stem}\t%{NUMBER:sc_status:integer}\t%{GREEDYDATA:referrer}\t%{GREEDYDATA:User_Agent}\t%{GREEDYDATA:cs_uri_query}\t%{GREEDYDATA:cookies}\t%{WORD:x_edge_result_type}\t%{NOTSPACE:x_edge_request_id}\t%{HOSTNAME:x_host_header}\t%{URIPROTO:cs_protocol}\t%{INT:cs_bytes:int}\t%{NUMBER:time_taken}\t%{DATA:x_forwarded_for}\t%{DATA:ssl_protocol}\t%{DATA:ssl_cipher}\t%{DATA:x_edge_response_result_type}\tHTTP/%{NUMBER:cs_protocol_version}\t%{DATA:fle_status}\t%{DATA:fle_encrypted_fields}\t%{DATA:c_port}\t%{NUMBER:time_to_first_byte}\t%{DATA:x_edge_detailed_result_type}\t%{DATA:sc_content_type}\t%{DATA:sc_content_len}\t%{DATA:sc_range_start}\t%{GREEDYDATA:sc_range_end}
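The ELB_ACCESS_LOG change described above, reproduced as an added example (not code from the issue author or the plugin): a small grok-to-regex expander shows that the `%{INT:backend_response:integer}` form fails to match exactly the lines where no target responded, which are the error events a defender most wants parsed. The primitive definitions are simplified stand-ins, both sample log lines are constructed, and `TIGHT` is a hypothetical stricter variant that is not part of the issue.

```python
import re

# Simplified stand-ins for the grok primitives the pattern uses (assumptions
# for this example; the real grok definitions are stricter).
GROK = {
    "INT": r"[+-]?\d+",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "NOTSPACE": r"\S+",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}T[\d:.]+Z",
    "ELB_REQUEST_LINE": r'[^"]*',
}
CASTS = {"integer": int, "float": float}

# The final pattern from the issue, then two variants derived from it.
FIXED = ('%{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} '
         '%{IP:clientip}:%{INT:clientport:integer} '
         '(?:(%{IP:backendip}:?:%{INT:backendport:integer})|-) '
         '%{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} '
         '%{NUMBER:response_processing_time:float} %{INT:response:integer} '
         '%{NOTSPACE:backend_response} %{INT:received_bytes:integer} '
         '%{INT:bytes:integer} "%{ELB_REQUEST_LINE}"')
ORIGINAL = FIXED.replace("%{NOTSPACE:backend_response}", "%{INT:backend_response:integer}")
# Hypothetical tighter variant (not from the issue): integer when present, else "-".
TIGHT = FIXED.replace("%{NOTSPACE:backend_response}", "(?:%{INT:backend_response:integer}|-)")

# Constructed sample lines: one where no target responded, one normal request.
NO_TARGET = ('https 2024-01-01T12:00:00.000000Z app/my-alb/abc123 203.0.113.7:51234 '
             '- -1 -1 -1 504 - 0 0 "GET https://example.com:443/ HTTP/1.1"')
OK = ('https 2024-01-01T12:00:01.000000Z app/my-alb/abc123 203.0.113.7:51235 '
      '10.0.0.5:80 0.001 0.020 0.000 200 200 34 512 "GET https://example.com:443/ HTTP/1.1"')

def parse(pattern, line):
    """Expand %{NAME:field[:type]} to named groups, match, and cast typed fields."""
    casts = {}
    def expand(m):
        name, field, typ = m.groups()
        if field is None:
            return "(?:%s)" % GROK[name]
        if typ:
            casts[field] = CASTS[typ]
        return "(?P<%s>%s)" % (field, GROK[name])
    regex = re.sub(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}", expand, pattern)
    m = re.match(regex, line)
    if m is None:
        return None  # no match: the line is not parsed into fields
    return {k: casts.get(k, str)(v) for k, v in m.groupdict().items() if v is not None}
```

With `FIXED`, `backend_response` is always a string (`"-"` or `"200"`); with `TIGHT` it stays an integer when a target responded and is simply absent otherwise, which keeps numeric range queries on that field working.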