Mar 8 05:53:40 localhost haproxy[1668]: IP:port[08/Mar/2021:05:53:39.081] abc soap_services/soap-hostname-5000 0/0/0/1191/1198 200 517722 - - ---- 6/6/1/0/0 0/0 "POST /connect/StatelessSoapAcceptor/?gtxInitialProcess=FrameworkEVAServices.API.Tag.TagV1 HTTP/1.0"
================================================================================Mar 8 05:53:40 localhost haproxy[328]: IP:port [08/Mar/2021:05:53:39.070] abc rest_service/rest-hostname-5001 0/0/0/1279/1280 200 18794 - - --VN 5/5/1/0/0 0/0 "GET /services/cm/crosstags?sourcetag=kbase_test&targettagset=topic HTTP/1.1" ==========================================================================
I have these set of events (soap and rest services). These are the Haproxy (apache logs). I am trying to create response time for each rest and soap calls. I would like to extract below string from the evnts in below table format
1. Type of services (soap_services or rest_service )
2. hostname
3. status code (200)
4. responsetime ( from above evnts- 517722 and 18794 are millisecond response time). Need in seconds
Hi @ravir_jbp,
You can use below rex command;
| rex "\[[^\]]+\]\s\w+\s(?<service>[^\/]+)\/\w+\-(?<hostname>\w+)\-\d+\s\d+(?:\/\d+){4}\s(?<status_code>\d+)\s(?<response_time>\d+)"
| table _time service hostname status_code response_time
Hi @ravir_jbp,
Great to hear it helped you, I added port field as well;
rex "\[[^\]]+\]\s\w+\s(?<service>[^\/]+)\/\w+\-(?<hostname>\w+)\-(?<port>\d+)\s\d+(?:\/\d+){4}\s(?<status_code>\d+)\s(?<response_time>\d+)"
| table _time service hostname port status_code response_time
Try this regex
] \w+ (?<serviceType>\w+)[^-]+-(?<hostname>[^-]+)\S+\s\S+\s(?<statusCode>\d+)\s(?<responsetime>\d+)
Hi @ravir_jbp,
You can use below rex command;
| rex "\[[^\]]+\]\s\w+\s(?<service>[^\/]+)\/\w+\-(?<hostname>\w+)\-\d+\s\d+(?:\/\d+){4}\s(?<status_code>\d+)\s(?<response_time>\d+)"
| table _time service hostname status_code response_time
Hello @scelikok ,
The query worked. However I also need the port number along with hostname which is separated with "-" after every host name. Can you help me with that as well.