elasticsearch icon indicating copy to clipboard operation
elasticsearch copied to clipboard

Published 20 hours ago verified publisher icon elastic

[Docs] Two back slashes do not work in the "parse logs in the common log format" example

Open liu-xiao-guo opened this issue 3 years ago • 3 comments

image

The correct one should be a single back slash: image

liu-xiao-guo avatar Aug 09 '22 04:08 liu-xiao-guo

After a few trial, I think the original log without escape is:

212.87.37.154 - - [05/May/2099:16:21:15 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"

This is more clear to developers. The pattern is:

%{IPORHOST:source.ip} %{USER:user.id} %{USER:user.name} \[%{HTTPDATE:@timestamp}\] "%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}" %{NUMBER:http.response.status_code:int} (?:-|%{NUMBER:http.response.body.bytes:int}) %{QS:http.request.referrer} %{QS:user_agent} image

liu-xiao-guo avatar Aug 09 '22 05:08 liu-xiao-guo

@liu-xiao-guo I'll move this issue to the Elasticsearch repo, because this refers to a page in the Elasticsearch docs: https://www.elastic.co/guide/en/elasticsearch/reference/master/common-log-format-example.html

Were you thinking of making this change yourself, or would you like someone from the documentation team to work on this?

abdonpijpelink avatar Aug 09 '22 14:08 abdonpijpelink

Pinging @elastic/es-docs (Team:Docs)

elasticsearchmachine avatar Aug 09 '22 14:08 elasticsearchmachine