Incorrect pattern for AWS CLOUDFRONT_ACCESS_LOG
jpleger opened this issue · comments
James Pleger commented
Not sure if its a version change or log format change on the AWS side, but currently there are a few fields that are incorrect pattern-wise for the CLOUDFRONT_ACCESS_LOG format.
- Version: 4.1.2
- Operating System: All (Docker)
- Config File (if you have sensitive info, please remove it): N/A
- Sample Data:
2018-07-24 22:22:47 SEA19 557 196.52.43.106 GET d2lv5my8ejglq4.cloudfront.net / 301 - Mozilla/5.0%2520(compatible;%2520nsrbot/1.0;%2520&%2343;http://netsystemsresearch.com) - - Redirect IKaDjLqf5T8ptafxZk_HNJ49zZ1N4SuI8f_kdivoUvPNZFnzpuKhKA== jamespleger.com http 127 0.000 - - - Redirect HTTP/1.1 - -
--
- Steps to Reproduce: add cloudfront logs.
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
James Pleger commented
Meant to open a ticket in logstash-plugins/logstash-patterns-core