Configuration
Copy and paste to fluent.conf or td-agent.conf
<source>
type tail
path /var/log/foo/bar.log
pos_file /var/log/td-agent/foo-bar.log.pos
tag foo.bar
format /^(?<host>[^ ]*) (?<remotelog>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<status>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>.*)"\ *(?<querystring>[^\"]*)$/
time_format %d/%b/%Y:%H:%M:%S %z
</source>
type tail
path /var/log/foo/bar.log
pos_file /var/log/td-agent/foo-bar.log.pos
tag foo.bar
format /^(?<host>[^ ]*) (?<remotelog>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<status>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>.*)"\ *(?<querystring>[^\"]*)$/
time_format %d/%b/%Y:%H:%M:%S %z
</source>
Data Inspector
Attributes
| Key | Value |
|---|---|
| time | 2017/02/03 02:53:21 +0000 |
Records
| Key | Value |
|---|---|
| host | 10.0.0.85 |
| remotelog | - |
| user | - |
| method | GET |
| path | /requests/form/34 |
| status | 200 |
| size | 95409 |
| referer | https://sample.jp/sample?station=%E4%B8%AD%E9%87%8E%E6%96%B0%E6%A9%8B |
| agent | Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Mobile/14D27 |
| querystring |