Log Type: ELB Log (Elastic Load Balancing)
Rule Description: Parsing the common fields in your AWS ELB log
Sample Log:

2014-10-08T00:20:2#Z #189.164.112.148:24586 10.191.52.76:6081 # # # 200 200 0 922 "GET http://api.somecompany.com:80/v1/gifs/tv?api_key=CW27AW0nlp5u0&tag=space&internal=yes&callback=jQuery1102019244040991179645_1412721448786&_=1412721449926 HTTP/1.1"

Parsing Rule:

| parse "* *:* *:* * * * * * * * \"* *://*:*/* HTTP" as datetime, clientIP, port, backend, backend_port, requestProc, ba_Response, cli_Response, ELB_StatusCode, be_StatusCode, rcvd, send, method, protocol, domain, server_port, path 

 

Resulting Fields:

| Field | Description | Example |
|---|---|---|
| datetime | Time (UTC) that the response was sent back to the client. Uses ISO 8601 format. | 2014-10-08T00:20:223Z |
| clientIP | IP address of the requesting client. | 192.168.154.128 |
| port | Port of the requesting client. | 24986 |
| backend | IP address of the registered instance that processed this request. | 192.168.154.128 |
| backend_port | Port of the registered instance that processed this request. | 6081 |
| requestProc | Total time elapsed (in seconds) from the time the load balancer receives the request until it sends the request to a registered instance. | 0.00003 |
| ba_Response | Total time elapsed (in seconds) from the time the load balancer sends the request to a registered instance until the instance begins sending the response headers. | 0.0784 |
| cli_Response | Total time elapsed (in seconds) from the time the load balancer receives the response header from the registered instance until it starts sending the response to the client. This processing time includes both queuing time at the load balancer and the connection acquisition time from the load balancer to the backend. | 0.00003 |
| ELB_StatusCode | Status code of the response from the load balancer (HTTP only). | 200 |
| be_StatusCode | Status code of the response from the registered instance (HTTP only). | 200 |
| rcvd | Size of the request (bytes) received from the client (requester). For HTTP requests, the bytes received account for the request body and do not include headers. For TCP, the bytes include the headers. | 0 |
| send | Size of the response (bytes) sent back to the client (requester). For HTTP responses, the bytes sent account for the response body and do not include headers. For TCP, the bytes include the headers. | 932 |
| method | | GET |
| protocol | | http |
| domain | | somecompany.com |
| server_port | | 80 |
| path | | v1/gifs/tv?api_key=CW27AW0nlp5u0&callback=1412727595175 |
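
The parsing rule above, re-expressed as a Python regular expression so it can be checked offline; this is an added example, not part of the original page. It assumes each `*` takes the shortest possible match, and `anchor_to_regex`, `parse_elb_line` and the sample line are hypothetical names and constructed data.

```python
import re

# The page's parse pattern and field list, copied from the rule above.
PATTERN = '* *:* *:* * * * * * * * "* *://*:*/* HTTP'
FIELDS = ("datetime clientIP port backend backend_port requestProc ba_Response "
          "cli_Response ELB_StatusCode be_StatusCode rcvd send method protocol "
          "domain server_port path").split()


def anchor_to_regex(pattern, fields):
    """Turn a '*' wildcard pattern into a regex with one named group per '*'.

    Assumption: each wildcard takes the shortest text that still lets the
    following literal match (non-greedy); this is how the sketch models the rule.
    """
    literals = pattern.split("*")
    if len(literals) - 1 != len(fields):
        raise ValueError("wildcard count does not match field count")
    parts = [re.escape(literals[0])]
    for name, literal in zip(fields, literals[1:]):
        parts.append(f"(?P<{name}>.*?)" + re.escape(literal))
    return re.compile("".join(parts))


ELB_RE = anchor_to_regex(PATTERN, FIELDS)


def parse_elb_line(line):
    """Return a dict of the 17 fields, or None when the line does not match."""
    m = ELB_RE.search(line)
    return m.groupdict() if m else None


# Constructed sample line (not a real log entry) in the layout the rule expects.
SAMPLE = ('2014-10-08T00:20:22.300Z 203.0.113.10:24586 10.0.0.5:6081 '
          '0.00003 0.0784 0.00003 200 200 0 922 '
          '"GET http://api.example.com:80/v1/gifs/tv?tag=space HTTP/1.1"')

if __name__ == "__main__":
    for name, value in parse_elb_line(SAMPLE).items():
        print(f"{name:15} {value}")
```

A line whose request part has no `scheme://host:port/` URL does not match the pattern and yields `None`, so such entries need a separate rule.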