Grok pattern COMBINEDAPACHELOG broken with "user@example.com" form username
dkarlovi opened this issue · comments
Dalibor Karlović commented
I'm analyzing an access log for a Kerberos enabled Apache server and the log looks like
10.70.13.1 - user@EXAMPLE.COM [25/Nov/2015:18:07:29 +0100] "GET / HTTP/1.1" 200 658 "https://example.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"
This does not match the COMBINEDAPACHELOG
pattern. First I though it was because of the upper case but nope, lowercase also fails. If I remove @EXAMPLE.COM
, it works as expected.
Magnus Bäck commented
I think this issue should be closed as a duplicate of #141 (which has been fixed).