I'm using Graylog to manage my server logs.
I would like to filter the Apache access logs to keep the logs with an HTTP response code 4** and 5**.
So I would like to use a regex:
If I search /HTTP/ I have the corresponding logs like:
[...] "HEAD /register HTTP/1.1" 301 460 "-" [...]
But if I search /HTTP\//, I have no message. I also tried with /HTTP\\// but same result.
I tried with the regex /HTTP(?:.*?)"\s[4|5](?:\d{2})/ but no message found.
How to search a simple pattern like HTTP/ with a regex in Graylog?
Thx
Why don't you use an extractor to map HTTP status codes to fields?
Then you can easily filter and group your logs to find those with special codes.
Please see the following links
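The extractor approach suggested in the answer, sketched in Python as an added example (not part of the original posts): a regex with one capture group pulls the status code that follows the quoted request line into its own numeric field, so the 4xx/5xx filter becomes a range check instead of a full-text regex. The sample lines and the field name `http_response_code` are constructed for illustration.

```python
import re
from collections import Counter

# One capture group: the 3-digit status right after the quoted request line.
# The quoted part tolerates escaped quotes (\") and the bare "-" that Apache
# logs when no request line was received.
STATUS_RE = re.compile(r'"(?:[^"\\]|\\.)*" (\d{3}) ')

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LINES = [
    r'203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "HEAD /register HTTP/1.1" 301 460 "-" "curl/8.0"',
    r'203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    r'198.51.100.2 - - [10/Oct/2023:13:55:51 +0000] "POST /login HTTP/1.1" 500 612 "-" "Mozilla/5.0"',
    r'198.51.100.3 - - [10/Oct/2023:13:56:02 +0000] "-" 408 0 "-" "-"',
    r'198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /item?name=\"500\" HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    r'203.0.113.7 - - [10/Oct/2023:13:56:15 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.0"',
]


def extract_status(line):
    """Return the HTTP status as an int, or None if the line does not parse."""
    match = STATUS_RE.search(line)
    return int(match.group(1)) if match else None


def error_lines(lines):
    """Keep (status, line) pairs whose status is a client or server error."""
    result = []
    for line in lines:
        status = extract_status(line)  # would be stored as http_response_code
        if status is not None and 400 <= status <= 599:
            result.append((status, line))
    return result


def error_counts(lines):
    """Group the error lines by status code."""
    return Counter(status for status, _ in error_lines(lines))


if __name__ == "__main__":
    for status, line in error_lines(SAMPLE_LINES):
        print(status, line)
    print(dict(error_counts(SAMPLE_LINES)))
```

With the status stored as a numeric field under that assumed name, the search itself can be a range query such as `http_response_code:[400 TO 599]`.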