%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"
filter {
if [type] == "varnish" {
grok {
match => { "message" => "%{VARNISHACCESS}"}
add_tag => "Varnish"
}
if [client_ip] {
geoip {
source => "client_ip"
target => "geoip"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float" ]
}
}
}
}
VARNISHACCESS %{IPORHOST:client_ip} (?:%{WORD:ident}|-) (?:%{WORD:auth}|-) \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{GREEDYDATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" "%{GREEDYDATA:agent}"