2023-09-25 01:47 PM - edited 2023-09-25 01:48 PM
Hello everyone,
I'm having trouble parsing the Apache log from my apps. I need to create a parser for the "message" field where I have the information I need, such as IP, application, path, etc. The problem is that I can't parse the IP, for example, because the log didn't create a token or JSON path for it. Here's a small excerpt from the log to help you understand what's happening:
<13>Sep 22 17:52:31 {"name":"www002"} Apache[-]: {"log":{"offset":158482966,"file":{"path":"/storage/ap/mybd/instances/logs/doc_log"}},"ecs":{"version":"1.12.0"},"agent":{"version":"x.x.0","type":"filebeat","id":"63cf345e-facf-4be7-963b","name":"www002","ephemeral_id":"6f2d7731"},"event":{"dataset":"apache.access","module":"apache"},"cli.redis_key":"client-apache","message":"10.2.1.20 - - [22/Sep/2023:14:52:31 -0300] "GET /tarefa/js/app-min.js?v1.11.4.1 HTTP/1.1"
In summary, how do I create a parser for the IP 10.2.1.20, another one for the date, another one for the GET, and so on? I've tried using JSON mappings and dynamic rules without success so far. I appreciate everyone's attention in advance.
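The field split asked about above, as an added example that is not part of the original post and is not NetWitness parser syntax: a Python regular expression that anchors on the "message" key and captures the client IP, timestamp, method, path and protocol. The sample line is constructed from the excerpt, and the function name parse_apache_message is hypothetical.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Constructed sample modelled on the excerpt in the post: inner quotes are
# escaped as a JSON encoder would emit them, and the line is closed.
SAMPLE = ('<13>Sep 22 17:52:31 {"name":"www002"} Apache[-]: '
          '{"event":{"dataset":"apache.access"},"message":"10.2.1.20 - - '
          '[22/Sep/2023:14:52:31 -0300] '
          '\\"GET /tarefa/js/app-min.js?v1.11.4.1 HTTP/1.1\\""}')

# Anchor on the "message" key, then match the Apache access-log prefix.
# \\?" accepts the request-line quote both escaped (\") and bare (").
MESSAGE_RE = re.compile(
    r'"message":"'
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'\\?"(?P<method>[A-Z]+) (?P<path>\S+) (?P<protocol>HTTP/[\d.]+)\\?"'
)

def parse_apache_message(line):
    """Return a dict of fields from the embedded access-log entry, or None."""
    match = MESSAGE_RE.search(line)
    if match is None:
        return None  # no "message" key, or its value is not an access-log entry
    fields = match.groupdict()
    try:
        # Reject values that only look like an address or a timestamp.
        fields["ip"] = str(ip_address(fields["ip"]))
        fields["time"] = datetime.strptime(fields["time"],
                                           "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return fields

if __name__ == "__main__":
    print(parse_apache_message(SAMPLE))
```

Each named group corresponds to one field the post asks for; lines whose first token is not a valid IP address are rejected rather than stored with a bad value.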
2023-09-25 02:13 PM
Hello Leandro,
Thank you for reaching out.
Kindly be informed that case number (00471896) has been created to further assist.
Best regards,
Irene, NetWitness Customer Support