custom log format for Common Log Format (apache)

[mansuedei]

Hello! Would greatly appreciate your help with troubleshooting the regexp for the Common Log Format(https://httpd.apache.org/docs/2.4/logs.html).

The regexp I've created is correctly parsing the logs: https://regex101.com/r/FArdI2/1, yet in the Ideolog itself, I'm getting the "Log format not recognized" error (just as a side note, my .log file consists of more than 6 lines, read up that less than 6 lines might lead to issues).

Would greatly appreciate your help to point me to where I'm going wrong!

To provide more context:

• Message structure:
  172.29.16.0 - foo111 [28/Nov/2023:11:12:34 +0000] "GET /api/v1/study/1 HTTP/1.1" 200 201 "https://test.net/view/1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" rt=0.012 uct=0.000 uht=0.012 urt=0.012

1. IP Address and User Information: 172.29.16.0 - foo111

2. Timestamp: [28/Nov/2023:11:12:22 +0000]

3. HTTP method, the requested resource, protocol version: "GET /api/v1/study/1 HTTP/1.1"

4. Response Code and Size: 200 201

5. Referrer and User Agent: "https://test.net/view/1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"

6. Custom Parameters: rt=0.178 uct=0.000 uht=0.001 urt=0.001

• Message pattern:

^(\S+) - (\S+) \[([^\]]+)\] "(\S+ \S+ \S+)" (\d+) (\d+) "([^"]*)" "([^"]*)" rt=([\d.]+) uct=([\d.]+) uht=([\d.]+) urt=([\d.]+)$

• Message start pattern:
  ^\d

• Time format:
  dd/MMM/yyyy:HH:mm:ss Z

Thank you very much!

[ArtemKar123]

Hello,
Can you provide more lines of your log? Just multiplying your sample seems to work for me