Is there a log parser available for HAproxy or has anyone written a parser they may be willing to share?
Sample logs? send as many as you can and lets see about a parser for them
Sure, I'll see what I can organise. Thanks.
I've attached a sample of the log file that gets generated.
HAProxy httplog format.From http://haproxy.1wt.eu/download/1.4/doc/configuration.txt · GitHub
This link has an explanation of the log format.
built a base parser with most of th fields you have in your sample log parsed out into temp fldx keys. If you want that data to be indexed, edit the parser and send the values to the matching key in table-map.xml to get it indexed. Not sure your usecase and haven't had time to map out some of the values to where they should go.
FYI the format of these logs and the sample Gist site you sent don't completely line up but they are close.
One thing that might be useful down the road is to take the 2 character code cD in the log message and use a valuemap table to provide the description from the Gist site that matches into event.description to add a bit more information about the event.
Thanks for taking a shot at this Eric, apologies for the delay in replying.
I'll give it a try in our environment as soon as I can.
one follow up question, I'm not sure what a valuemap table is, I get the concept but not how it relates in the NetWitness ecosystem. Do you have some reference I can get learned up on valuemaps?
start with this eTraining, in the advanced section there is a part on tagvalmap that should help you with your last question. Also a good reference on parser building and how I created this one for you based on sample logs.
Retrieving data ...