Skip to content

Instantly share code, notes, and snippets.

@philicious

philicious/gist:39a2b2317a79f4c01f6747d651fae0d6

Last active August 16, 2016 21:35
Show Gist options
  • Save philicious/39a2b2317a79f4c01f6747d651fae0d6 to your computer and use it in GitHub Desktop.
Save philicious/39a2b2317a79f4c01f6747d651fae0d6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
{
"extractors": [
{
"title": "Connection ID",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 10,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "connection_id",
"extractor_config": {
"regex_value": "connection=(.+?)\\|"
},
"condition_type": "regex",
"condition_value": ".+connection=.+"
},
{
"title": "Connection requests",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 11,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "connection_requests",
"extractor_config": {
"regex_value": "connection_requests=(.+?)\\|"
},
"condition_type": "regex",
"condition_value": ".+connection_requests=.+"
},
{
"title": "Response time",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 12,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "millis",
"extractor_config": {
"regex_value": "millis=(.+?)>"
},
"condition_type": "regex",
"condition_value": ".+millis=.+"
},
{
"title": "Remote Address",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "remote_addr",
"extractor_config": {
"regex_value": "^.*:\\s+(\\S+)"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Remote User",
"extractor_type": "regex",
"converters": [],
"order": 1,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "remote_user",
"extractor_config": {
"regex_value": "^.*: \\S+ - (\\S+)"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Request Timestamp",
"extractor_type": "regex",
"converters": [
{
"type": "date",
"config": {
"date_format": "dd/MMM/YYYY:HH:mm:ss Z"
}
}
],
"order": 2,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "timestamp",
"extractor_config": {
"regex_value": "^.*:\\s.+?\\[(.+?)\\]"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Request Verb",
"extractor_type": "regex",
"converters": [],
"order": 3,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "request_verb",
"extractor_config": {
"regex_value": "^.*:\\s.+\\[.+\\] \"(\\S+)"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Request Path",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 4,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "request_path",
"extractor_config": {
"regex_value": "^.*:\\s.+?\"\\S+ (\\S+).+"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "HTTP Version",
"extractor_type": "regex",
"converters": [],
"order": 5,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "http_version",
"extractor_config": {
"regex_value": "^.*:\\s.+HTTP/(\\S+)\""
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Response Status",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 6,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "response_status",
"extractor_config": {
"regex_value": "^.*:\\s.+?HTTP/\\S+\" (\\d+)"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Response Bytes",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 7,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "response_bytes",
"extractor_config": {
"regex_value": "^.*:\\s.+?HTTP/\\S+\" \\d+ (\\d+)"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "HTTP User Agent",
"extractor_type": "regex",
"converters": [],
"order": 8,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "http_user_agent",
"extractor_config": {
"regex_value": "^.*:\\s.+?HTTP/\\S+\" \\d+ \\d+ \".+?\" \"(.+?)\""
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "HTTP Referer",
"extractor_type": "regex",
"converters": [],
"order": 9,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "http_referer",
"extractor_config": {
"regex_value": "^.*:\\s.+?HTTP/\\S+\" \\d+ \\d+ \"(.+?)\""
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
},
{
"title": "Message",
"extractor_type": "regex",
"converters": [],
"order": 13,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "message",
"extractor_config": {
"regex_value": "^.*:\\s.+?\\\"(\\S+.+HTTP\\/\\S+)\\\" \\d+"
},
"condition_type": "regex",
"condition_value": "^.*:\\s"
}
],
"version": "2.0.0-SNAPSHOT"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment