Logging Framework
For each file structure, you may choose to group specific fields using the Group on column.
The log connector definition is based on the log file structure below:
log4j
You can use this format to index logs in log4j format.
Example: [2019/11/19-14:18:49.590] [info] [Thread-13] [replication.manager] execute command on 0/i0: getFilesInUse (serial=5)
5 log fields are required:
• date: [2019/11/19-14:18:49.590]
• level: [info]
• thread: [Thread-13]
• logger: [replication.manager]
• message: execute command on 0/i0: getFilesInUse (serial=5)
Apache
You can use this format to index logs in Apache format.
Example: 127.0.0.1 - frank [10/Oct/2019:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"
13 log fields are required:
• ip: 127.0.0.1
• identid: -
• userid: frank
• date: 10/Oct/2019
• time: 13:55:36
• timezone: 0700
• method: GET
• requested: /apache_pb.gif
• protocol: HTTP/1.0
• statuscode: 200
• size: 2326
• referer: http://www.example.com/start.html
• useragent: Mozilla/4.08 [en] (Win98; I ;Nav)
See http://httpd.apache.org/docs/trunk/en/logs.html for more details on Apache log format.
Auto
You can use this format to manage log structure automatically.
Configure the delimiters used to define the log structure in the Delimiters section (for example, [ and ]).
Custom
You can use this format to manage log structure using a regular expression in the Regular expression field.
Each capturing group must correspond to a log field defined in the Log fields section.
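The capturing-group-to-field mapping described above, as an added Python example (not the product's own code or shipped patterns). The two regular expressions and the `parse` helper are assumptions written for this illustration; the sample lines and field names are the ones on this page, and the connector's regex dialect may differ from Python's.

```python
import re

# Sample lines copied from the page's log4j and Apache examples.
LOG4J_LINE = ("[2019/11/19-14:18:49.590] [info] [Thread-13] [replication.manager] "
              "execute command on 0/i0: getFilesInUse (serial=5)")
APACHE_LINE = ('127.0.0.1 - frank [10/Oct/2019:13:55:36 -0700] '
               '"GET /apache_pb.gif HTTP/1.0" 200 2326 '
               '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"')

# Field names come from the page; the patterns are assumptions for this example.
LOG4J_FIELDS = ["date", "level", "thread", "logger", "message"]
# Brackets stay inside the groups so values match the page's field listing.
LOG4J_RE = re.compile(r"(\[[^\]]+\]) (\[[^\]]+\]) (\[[^\]]+\]) (\[[^\]]+\]) (.*)")

APACHE_FIELDS = ["ip", "identid", "userid", "date", "time", "timezone", "method",
                 "requested", "protocol", "statuscode", "size", "referer", "useragent"]
APACHE_RE = re.compile(
    r'(\S+) (\S+) (\S+) '                              # ip, identid, userid
    # The sign sits outside the group so timezone is "0700", as the page lists it.
    r'\[([^:\]]+):(\d{2}:\d{2}:\d{2}) [+-](\d{4})\] '  # date, time, timezone
    r'"(\S+) (\S+) (\S+)" '                            # method, requested, protocol
    r'(\d{3}) (\d+|-) '                                # statuscode, size
    r'"([^"]*)" "([^"]*)"'                             # referer, useragent
)

def parse(pattern, fields, line):
    """Map each capturing group to its log field; return None for a non-matching line."""
    # One capturing group per field: a stray (...) that should be (?:...) would
    # shift every later value into the wrong field, so fail loudly instead.
    if pattern.groups != len(fields):
        raise ValueError(f"{pattern.groups} groups for {len(fields)} fields")
    # fullmatch anchors both ends, so trailing or leading junk rejects the line
    # rather than being silently dropped or folded into a field.
    m = pattern.fullmatch(line)
    return dict(zip(fields, m.groups())) if m else None

if __name__ == "__main__":
    for pat, names, line in ((LOG4J_RE, LOG4J_FIELDS, LOG4J_LINE),
                             (APACHE_RE, APACHE_FIELDS, APACHE_LINE)):
        for name, value in parse(pat, names, line).items():
            print(f"{name}: {value}")
```

Lines for which `parse` returns `None` are worth counting and reviewing: a pattern that rejects unexpected input leaves a visible gap, whereas a loose one indexes wrong values under the right field names.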