AAL (Apache access log) Parser

Parses Apache access logs. See Supported reader-parser combinations for compatible readers.

AAL Parser properties

| property | type | default value | notes |
|---|---|---|---|
| Archive Dir | String | | if specified, the adapter will also read the rotated log files from the archive directory |
| Charset | String | UTF-8 | |
| Column Delimit Till | Integer | -1 | With the default value of -1, all delimiters are interpreted as columns. If a positive value is specified, that number of delimiters is interpreted as columns, and any additional delimiters are treated as if escaped. For example, if the columndelimiter value is a space, and columndelimittill is 4, the row "2012-12-10 10:30:30:256 10.1.10.12 jsmith User Login Error, invalid username or password" would be interpreted as five columns: "2012-12-10", "10:30:30:256", "10.1.10.12", "jsmith", and "User Login Error, invalid username or password". |
| Column Delimiter | String | | default value is one space (UTF-8 0x20) |
| Ignore Empty Column | Boolean | True | |
| Quote Set | String | []~\" | characters that mark the start and end of each field |
| Row Delimiter | String | \n | see Setting rowdelimiter values |
| Separator | String | ~ | |

The output type of a source using AALParser is WAEvent.

AAL Parser example

CREATE SOURCE AALSource USING FileReader (
  directory:'Samples/appData',
  wildcard:'access_log.log',
  positionByEOF:false
)
PARSE USING AALParser ()
OUTPUT TO RawAccessStream;
	
CREATE TYPE AccessLogEntry (
  srcIp String KEY,
  accessTime DateTime,
  timeStr String,
  request String);

CREATE STREAM AccessStream OF AccessLogEntry;

CREATE CQ ParseAccessLog
INSERT INTO AccessStream
SELECT data[0],
  TO_DATE(data[3],"dd/MMM/yyyy:HH:mm:ss Z"),
  data[3],
  data[4]
FROM RawAccessStream;
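
The sketch below is an added example, not the product's parser code: it models the Column Delimiter, Column Delimit Till, Ignore Empty Column and Quote Set properties as described above, to show why data[3] and data[4] in the CQ are the timestamp and the request. The function names, the pairing of quote characters, and the access-log row are assumptions made for illustration.

```python
from datetime import datetime

# Assumption: in the default Quote Set []~" the brackets pair with each
# other and the remaining characters close themselves.
CLOSERS = {"[": "]", '"': '"', "~": "~"}

def split_row(row, delimiter=" ", delimit_till=-1, ignore_empty=True):
    """Split one row into columns following the property descriptions."""
    columns, field, closer, used = [], [], None, 0

    def flush():
        text = "".join(field)
        field.clear()
        if text or not ignore_empty:
            columns.append(text)

    for ch in row.rstrip("\n"):
        if closer is not None:                 # inside a quoted field
            if ch == closer:
                closer = None
            else:
                field.append(ch)
        elif ch in CLOSERS and not field:      # a quote opens at field start
            closer = CLOSERS[ch]
        elif ch == delimiter and (delimit_till < 0 or used < delimit_till):
            used += 1
            flush()
        else:
            field.append(ch)                   # delimiters past the limit stay
    flush()
    return columns

def to_access_entry(row):
    """Mirror the ParseAccessLog CQ: data[0], data[3] (twice), data[4]."""
    data = split_row(row)
    if len(data) < 5:                          # reject rows that split short
        raise ValueError(f"expected at least 5 columns, got {len(data)}")
    return {
        "srcIp": data[0],
        "accessTime": datetime.strptime(data[3], "%d/%b/%Y:%H:%M:%S %z"),
        "timeStr": data[3],
        "request": data[4],
    }

# ACCESS_ROW is a constructed sample; APP_ROW is the row from the table above.
ACCESS_ROW = '192.0.2.10 - frank [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326'
APP_ROW = "2012-12-10 10:30:30:256 10.1.10.12 jsmith User Login Error, invalid username or password"

if __name__ == "__main__":
    print(to_access_entry(ACCESS_ROW))
    print(split_row(APP_ROW, delimit_till=4))
```

Checking the column count before indexing matters because the request column carries client-supplied text, so a row that splits differently than expected should be rejected rather than mapped to the wrong fields.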