Incorrect pattern for AWS CLOUDFRONT_ACCESS_LOG

Question

Incorrect pattern for AWS CLOUDFRONT_ACCESS_LOG

Closed this issue 6 years ago · 1 comments

Not sure if its a version change or log format change on the AWS side, but currently there are a few fields that are incorrect pattern-wise for the CLOUDFRONT_ACCESS_LOG format.

Version: 4.1.2
Operating System: All (Docker)
Config File (if you have sensitive info, please remove it): N/A
Sample Data:


2018-07-24	22:22:47	SEA19	557	196.52.43.106	GET	d2lv5my8ejglq4.cloudfront.net	/	301	-	Mozilla/5.0%2520(compatible;%2520nsrbot/1.0;%2520&%2343;http://netsystemsresearch.com)	-	-	Redirect	IKaDjLqf5T8ptafxZk_HNJ49zZ1N4SuI8f_kdivoUvPNZFnzpuKhKA==	jamespleger.com	http	127	0.000	-	-	-	Redirect	HTTP/1.1	-	-
--

Steps to Reproduce: add cloudfront logs.

Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html

Answer 1 · 2018-07-25T04:32:38.000Z

Meant to open a ticket in logstash-plugins/logstash-patterns-core