parser:
type: regexp
time_key: Timestamp
- time_format: '%d/%b/%Y:%H:%M:%S %z'
- keep_time_key: false
- # Apache format: https://regex101.com/r/WeCT7s/5
+ time_format: '%d/%b/%Y %H:%M:%S.%N %z'
+ keep_time_key: true
+ # Apache format: https://regex101.com/r/WeCT7s/8
format: '/(?<hostname>[\w\.\-]+)\:(?<port>\d+)\s(?<http_client_ip_address>[\d\.]+)\s\-\s\-\s\[(?<Timestamp>.*)\]\s(?<Payload>\"(?<http_method>[A-Z]+)\s(?<http_url>\S+)\s(?<http_version>[.\/\dHTFSP]+)\"\s(?<http_status>\d{3})\s(?<http_response_time>\d+)\s(?<http_response_size>\d+)\s\"(?<http_referer>.*)\"\s\"(?<user_agent>.*)\")/'
filter:
add_cinder_wsgi_record_fields:
value: ${ record['name'] }
- name: programname
value: '${ record["programname"] ? record["programname"] : "cinder" }'
+ - name: Timestamp
+ value: ${ DateTime.parse(record['time']).strftime('%Y-%m-%dT%H:%M:%S.%N%z') }
parse_http_stats:
tag: openstack.cinder
type: parser