search

JetBrains / ideolog

Interactive viewer for '.log' files.
MIT License
254 stars 55 forks source link

Can't get new log format to work #57

Open CJDennis opened 5 years ago

CJDennis commented 5 years ago

I'm trying to match the following lines from the Apache access log:

127.0.0.1 - - [08/May/2019:13:02:46 +1000] "GET / HTTP/1.1" 404 198
127.0.0.1 - - [08/May/2019:13:02:47 +1000] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - - [08/May/2019:13:04:35 +1000] "GET / HTTP/1.1" 404 198
127.0.0.1 - - [08/May/2019:13:04:45 +1000] "GET /world-scripts-test.html HTTP/1.1" 404 221

I would have thought ^(\S+)\s(\S+)\s(\S+)\s\[(([^\[\]]+)\s([^\[\]]+))\]\s"([^"]+)"\s(\S+)\s(\S+)$ would work, with the Severity in field 8.

  1. (\S+) - IP
  2. (\S+) - Username
  3. (\S+) - Password
  4. [(([^[]]+)\s([^[]]+))] - Full timestamp
  5. ([^[]]+) - Date/time
  6. ([^[]]+) - Timezone
  7. "([^"]+)" - Request
  8. (\S+) - HTTP response code
  9. (\S+) - Response length

However, nothing, not even ^(?s).*$ matches any Apache log lines. It always says "Log format not recognised". If I copy the IntelliJ IDEA log format into a new line, it does work for IDEA log files, but I can't work out what the difference is between the IDEA format and the Apache format that's preventing it from working for any Apache files.

knah commented 5 years ago

Have you tried reopening the log file? Currently there's an issue where changing the settings doesn't apply until the file is closed and opened again.

tflori commented 5 years ago

If I've understood the wiki correct it requires that at least 5 lines are matching your pattern https://github.com/JetBrains/ideolog/wiki/Custom-Log-Formats#log-format-detection

In other words: You need at least 5 matching lines in the first 25 lines of your log file.

CJDennis commented 5 years ago

@knah I was shutting down PhpStorm and restarting it. @tflori I had several Apache files open longer than 5 lines. I was just showing those four lines as representative.

There was an update yesterday and it's working a bit now, but it's still hard to use. I've got HTTP codes 1XX, 2XX, and 3XX in green, 4XX in orange, and 5XX in red. I don't have any 5XX codes in the log, but the others are working properly.

I'm still not sure what you're supposed to do with the time format. Once it's recognised, what does it do?

steinybot commented 4 years ago

@tflori OMG you legend. I have been trying to get this to work for over an hour.

This is so stupid. It should at least say that there are not enough lines, or better yet if 100% of the lines match one pattern and none of the others then surely this is a good enough match.