Skip to main content

Apache Tomcat Access Logs

Log Type: Apache Tomcat Access

Template Description: Parsing the common fields in your Apache Tomcat Access log.

Sample Log:

250.67.103.48 228.249.208.87 - - [2017-08-15 17:31:33.786 +0000] "POST /blog/index.php HTTP/1.1" 200 3280 468

Parsing Rule:

parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}? )"
| parse regex "\"(?<method>\D{1,7}? )"
| parse regex "\"\D{1,7} (?<url>\S{1,2048}? )"
| parse regex "\" (?<status>\d{3}? )"
| parse regex "\" \d{3} (?<time_taken>\d{1,}? )"
| parse regex "\" \d{3} \d{1,} (?<bytes_sent>\d{1,}?)"

Resulting Fields:

FieldDescriptionExample
ipThe Client IP250.67.103.48
methodRequest methodPOST
urlResource requested by the client/blog/index.php
statusStatus code that the server sends back to the client200
time_takenTime taken to process the request3280
bytes_sentBytes sent count4
Legal
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.