From 3ef20b0fe6b337a6dd30e538b762f90f1261d503 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=ABl=20Marty?= <134835+joelmarty@users.noreply.github.com> Date: Wed, 12 Jun 2024 19:45:37 +0200 Subject: [PATCH] Fix missing closing parenthesis in CLOUDFRONT_ACCESS_LOG pattern (#4607) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Joël Marty <134835+joelmarty@users.noreply.github.com> --- .../grok-processor/src/main/resources/grok-patterns/patterns | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data-prepper-plugins/grok-processor/src/main/resources/grok-patterns/patterns b/data-prepper-plugins/grok-processor/src/main/resources/grok-patterns/patterns index bb433620d7..b5d14ae632 100644 --- a/data-prepper-plugins/grok-processor/src/main/resources/grok-patterns/patterns +++ b/data-prepper-plugins/grok-processor/src/main/resources/grok-patterns/patterns @@ -14,6 +14,6 @@ ELB_ACCESS_LOG %{TIMESTAMP_ISO8601:timestamp}\s%{NOTSPACE:elb}\s%{IP:clientip}:% S3_HTTP_REQUEST ((?:%{WORD:verb}\s%{NOTSPACE:request}\s(?:HTTP/%{NUMBER:httpversion}))?|%{DATA:rawrequest}) S3_ACCESS_LOG %{WORD:owner}\s%{NOTSPACE:bucket}\s\[%{HTTPDATE:timestamp}\]\s%{IP:clientip}\s%{NOTSPACE:requester}\s%{NOTSPACE:request_id}\s%{NOTSPACE:operation}\s%{NOTSPACE:key}\s(?:-|"%{S3_HTTP_REQUEST}")\s(?:-|%{INT:response:int})\s(?:-|%{NOTSPACE:error_code})\s(?:-|%{INT:bytes_sent:int})\s(?:-|%{INT:object_size:int})\s(?:-|%{INT:request_time_ms:int})\s(?:-|%{INT:turnaround_time_ms:int})\s(?:%{QS:referrer})\s(?:-|"?%{QS:agent}"?)\s(?:-|%{NOTSPACE:version_id}) -CLOUDFRONT_ACCESS_LOG (?%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\s%{TIME})\s%{NOTSPACE:x_edge_location}\s(?:-|%{NUMBER:sc_bytes:int})\s%{IPORHOST:clientip}\s%{WORD:cs_method}\s%{HOSTNAME:cs_host}\s%{NOTSPACE:cs_uri_stem}\s(?:-|%{NUMBER:sc_status:int})\s%{GREEDYDATA:referrer}\s%{GREEDYDATA:agent}\s%{GREEDYDATA:cs_uri_query}\s%{GREEDYDATA:cookies}\s%{WORD:x_edge_result_type}\s%{NOTSPACE:x_edge_request_id}\s%{HOSTNAME:x_host_header}\s%{URIPROTO:cs_protocol}\s(?:-|%{INT:cs_bytes:int})\s(?:-|%{GREEDYDATA:time_taken:float}\s%{GREEDYDATA:x_forwarded_for}\s%{GREEDYDATA:ssl_protocol}\s%{GREEDYDATA:ssl_cipher}\s%{GREEDYDATA:x_edge_response_result_type} +CLOUDFRONT_ACCESS_LOG (?%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\s%{TIME})\s%{NOTSPACE:x_edge_location}\s(?:-|%{NUMBER:sc_bytes:int})\s%{IPORHOST:clientip}\s%{WORD:cs_method}\s%{HOSTNAME:cs_host}\s%{NOTSPACE:cs_uri_stem}\s(?:-|%{NUMBER:sc_status:int})\s%{GREEDYDATA:referrer}\s%{GREEDYDATA:agent}\s%{GREEDYDATA:cs_uri_query}\s%{GREEDYDATA:cookies}\s%{WORD:x_edge_result_type}\s%{NOTSPACE:x_edge_request_id}\s%{HOSTNAME:x_host_header}\s%{URIPROTO:cs_protocol}\s(?:-|%{INT:cs_bytes:int})\s(?:-|%{GREEDYDATA:time_taken:float})\s%{GREEDYDATA:x_forwarded_for}\s%{GREEDYDATA:ssl_protocol}\s%{GREEDYDATA:ssl_cipher}\s%{GREEDYDATA:x_edge_response_result_type} -VPC_FLOW_LOG %{NUMBER:version}\s%{NUMBER:account-id}\s%{NOTSPACE:interface-id}\s%{NOTSPACE:srcaddr}\s%{NOTSPACE:dstaddr}\s(?:-|%{NOTSPACE:srcport:int})\s(?:-|%{NOTSPACE:dstport:int})\s(?:-|%{NOTSPACE:protocol:int})\s(?:-|%{NOTSPACE:packets:int})\s(?:-|%{NOTSPACE:bytes:int})\s(?:-|%{NUMBER:start:int})\s(?:-|%{NUMBER:end:int})\s%{NOTSPACE:action}\s%{NOTSPACE:log-status} \ No newline at end of file +VPC_FLOW_LOG %{NUMBER:version}\s%{NUMBER:account-id}\s%{NOTSPACE:interface-id}\s%{NOTSPACE:srcaddr}\s%{NOTSPACE:dstaddr}\s(?:-|%{NOTSPACE:srcport:int})\s(?:-|%{NOTSPACE:dstport:int})\s(?:-|%{NOTSPACE:protocol:int})\s(?:-|%{NOTSPACE:packets:int})\s(?:-|%{NOTSPACE:bytes:int})\s(?:-|%{NUMBER:start:int})\s(?:-|%{NUMBER:end:int})\s%{NOTSPACE:action}\s%{NOTSPACE:log-status}