Hi,
Here is an example of my log:
```
test.co:443 80.81.174.142 www.test.co [07/Nov/2017:09:53:34 +0200] 10524941 "GET /api/v1/company/jobs HTTP/1.1" 200 34653 "https://www.test.co/v/hunt" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" WgFmfn8AAAEAAF7ZVwUAAAAB ad3doh5o6zpyk5zubtrck8ta2p1tz187
```
I added this to my telegraf.conf:
```
[[inputs.logparser]]
  ## files to tail.
  files = ["/var/log/apache2/other_vhosts_access.log"]
  ## Read file from beginning.
  from_beginning = false
  ## Override the default measurement name, which would be "logparser_grok"
  name_override = "apache_access_log"
  ## For parsing logstash-style "grok" patterns:
  [inputs.logparser.grok]
    patterns = ["%{CUSTOM_LOG}"]
    custom_patterns = '''
CUSTOM_LOG %{DATA:host} %{IP:client} %{DATA} [%{HTTPDATE:ts:ts-httpd}] %{NUMBER:resp_time:tag} "(?:%{WORD:verb:tag} %{NOTSPACE:r$
'''
```
I tried using http://grokdebug.herokuapp.com/ to make sure my custom pattern works, and it looks like it does, but no entries were created in InfluxDB.
Tested with other patterns and log examples and it worked, so I guess I’m missing something in the [[inputs.logparser]].
Thanks a lot!