From 39b7a4295dd957f12cdf93cf7d35981a964fa011 Mon Sep 17 00:00:00 2001 From: Ben Harosh Date: Wed, 10 Apr 2024 17:09:39 -0700 Subject: [PATCH] Fix artifactory access log regex to match input --- CHANGELOG.md | 4 ++++ fluent.conf.rt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3debba5..8875a39 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ All changes to the log analytics integration will be documented in this file. +## [1.0.2] - April 11th, 2024 + +* Fix Artifactory access's regex to match log input changes + ## [1.0.1] - March 22nd, 2024 * Updated docker images to use fluetnd:1.16.3 to resolve existing CVEs. Please see [security section](https://github.com/jfrog/log-analytics-splunk/security) for more info diff --git a/fluent.conf.rt b/fluent.conf.rt index 0d808f5..a156883 100644 --- a/fluent.conf.rt +++ b/fluent.conf.rt @@ -236,7 +236,7 @@ tag jfrog.rt.artifactory.access @type regexp - expression /^(?[^ ]*) \[(?[^\]]*)\] \[(?[^\]]*)\] (?.*) for client : (?.+)\/(?\s*\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\.(?.+)?$/ + expression /^(?[^\s]*) \[(?[^\s\]]*)\s*\] \[(?[^\]\r\n]*)\] (?[^\s]*)? *for client : *(?[^\s]*) *\/ *(?[^\s]*)? ?(\[(?[^\s]*)\])?$/ time_key log_timestamp time_format %Y-%m-%dT%H:%M:%S.%LZ