Striim 3.9.4 / 3.9.5 documentation

AAL (Apache access log) Parser

Parses Apache access logs. See Supported reader-parser combinations for compatible readers.

property

type

default value

notes

archivedir

java.lang.String

if specified, the adapter will also read the rotated log files from the archive directory

charset

java.lang.String

UTF-8

columndelimittill

java.lang.Integer

-1

With the default value of -1, all delimiters are interpreted as columns. If a positive value is specified, that number of delimiters are interpreted as columns, and any additional delimiters are treated as if escaped. For example, if the columndelimiter value is a space, and columndelimittill is 4, this row:

 2012-12-10 10:30:30:256 10.1.10.12 jsmith User Login Error, invalid username or password

would be interpreted as five columns:

2012-12-10
10:30:30:256
10.1.10.12
jsmith
User Login Error, invalid username or password

columndelimiter

java.lang.String

default value is one space (UTF-8 0x20)

ignoreemptycolumn

java.lang.Boolean

True

quoteset

java.lang.String

[]~\"

characters that mark the start and end of each field

rowdelimiter

java.lang.String

\n

see Setting rowdelimiter values

separator

java.lang.String

~

The output type of a source using AALParser is WAEvent.

Sample application:

CREATE SOURCE AALSource USING FileReader (
  directory:'Samples/appData',
  wildcard:'access_log.log',
  positionByEOF:false
)
PARSE USING AALParser ()
OUTPUT TO RawAccessStream;
	
CREATE TYPE AccessLogEntry (
  srcIp String KEY,
  accessTime DateTime,
  timeStr String,
  request String);

CREATE STREAM AccessStream OF AccessLogEntry;

CREATE CQ ParseAccessLog
INSERT INTO AccessStream
SELECT data[0],
  TO_DATE(data[3],"dd/MMM/yyyy:HH:mm:ss Z"),
  data[3],
  data[4]
FROM RawAccessStream;