version: 1
title: Apache Log Analytics
contributor: https://github.com/joshcody
summary: ''
description: ''
ingestStreams:
- type: FileIngest
path: $in_file
format:
type: CypherLine
query: |-
WITH text.regexFirstMatch($that, '(\\S+)\\s+\\S+\\s+(\\S+)\\s+\\[(.+)\\]\\s+\"(.*)\\s+(.*)\\s+(.*)\"\\s+([0-9]+)\\s+(\\S+)\\s+\"(.*)\"\\s+\"(.*)\"')
AS r
CREATE ({
sourceIp: r[1],
user: r[2],
time: datetime(r[3], 'dd/MMM/yyyy:HH:mm:ss Z'),
verb: r[4],
path: r[5],
httpVersion: r[6],
status: r[7],
size: r[8],
referrer: r[9],
agent: r[10],
type: 'log'
})
standingQueries:
- outputs:
verb:
type: CypherQuery
query: |-
MATCH (l) WHERE id(l) = $that.data.id
MATCH (v) WHERE id(v) = idFrom('verb', l.verb)
CREATE (l)-[:verb]->(v)
SET v.type = 'verb',
v.verb = l.verb
RETURN null
SKIP 1
pattern:
type: Cypher
query: MATCH (l) WHERE l.type = 'log' RETURN DISTINCT id(l) AS id
mode: DistinctId
nodeAppearances: [ ]
quickQueries: [ ]
sampleQueries:
- name: Count HTTP GET Requests
query: >-
MATCH (l)-[rel:verb]->(v)
WHERE l.type = 'log' AND v.type = 'verb' AND v.verb = 'GET'
RETURN count(rel) AS get_count
statusQuery:
cypherQuery: >-
MATCH (l)-[rel:verb]->(v)
WHERE l.type = 'log' AND v.type = 'verb' AND v.verb = 'GET'
RETURN count(rel) AS get_count
