regexrubyfluent-bit

Not able to parse tomcat localhost access log via fluentbit reg ex


Not able to parse tomcat localhost access log via fluent bit using reg ex. Below is my incoming log:

127.0.0.1 - - [27/Aug/2024:00:01:48 +0000] "GET /TA HTTP/1.1" 302 - 0

Need output as below:

Remote hostname: 127.0.0.1
time log: 27/Aug/2024:00:01:48 +0000
request: GET /TA HTTP/1.1
statuscode: 302
bytessent: 0

pls let me know the ruby reg-ex to use in fluent-bit to parse the same?


Solution

  • log = "127.0.0.1 - - [27/Aug/2024:00:01:48 +0000] \"GET /TA HTTP/1.1\" 302 - 0"
    regexp = /(^[^\s]+)[\s-]+\[(.+ \+\d+)] "([^"]+)" (\d+) - (\d+)/
    match = log.match(regexp)
    
    ip = match[1]
    time = match[2]
    request = match[3]
    status_code = match[4]
    bytes_sent = match[5]