How do you pass in a Referrer Header?

Question

How do you pass in a Referrer Header?

SachinKainth opened this issue 9 years ago · comments

SachinKainth commented 9 years ago

How do you pass in a Referrer Header to ElasticSearch using Log4Stash?

Uriel · Answer 1 · Sun Sep 27 2015 21:03:00 GMT+0800 (China Standard Time)

Anyway you like :)
In what format are you logging?

Lets say you do something like this:

logger.infoFormat(".. Referrer={0} ...", referrer);

you can use the kv filter to extract the referrer automatically, just add <kv /> to you configuration xml
example:

<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4stash">
    <Server>localhost</Server>
    <Port>9200</Port>
    <ElasticFilters>

      <!-- using keyValue filter to extract key=value format from the log message -->
      <kv /> 

    </ElasticFilters>
</appender>

Another way is to use the Grok filter
In our case, instead of <kv /> we will use:

<Grok>
     <SourceKey>Message</SourceKey>
     <Pattern>Referrer=%{URI:Referrer}</Pattern>
</Grok>

I didn't write full documentation about the filters
(I will very appreciate some help with the documentation 😅 )

But they pretty similar to logstash filters
you can read about logstash's kv filter and Grok filter respectively