schema: Apache.AccessCombined
parser:
    fastmatch:
        match:
            - '%{remote_host_ip_address} %{client_identity_rfc_1413} %{request_user} [%{request_time}] "%{request_method} %{request_uri} %{request_protocol}" %{response_status} %{response_size} "%{referer}" "%{user_agent}"'
        emptyValues:
            - '-'
        trimSpace: true
description: Apache HTTP server access logs using the 'combined' format
referenceURL: https://httpd.apache.org/docs/current/logs.html#combined
fields:
    - name: remote_host_ip_address
      description: This is the IP address of the client (remote host) which made the request to the server. If HostnameLookups is set to On, then the server will try to determine the hostname and log it in place of the IP address.
      type: string
      indicators:
        - hostname
    - name: client_identity_rfc_1413
      description: The RFC 1413 identity of the client determined by identd on the clients machine.
      type: string
    - name: request_user
      description: The userid of the person requesting the document as determined by HTTP authentication.
      type: string
      indicators:
        - username
    - name: request_time
      description: The time that the request was received.
      type: timestamp
      timeFormats:
        - '%d/%b/%Y:%H:%M:%S %z'
      isEventTime: true
    - name: request_method
      description: The HTTP request method
      type: string
    - name: request_uri
      description: The HTTP request URI
      type: string
    - name: request_protocol
      description: The HTTP request protocol
      type: string
    - name: response_status
      description: The HTTP status of the response
      type: smallint
    - name: response_size
      description: The size of the HTTP response in bytes
      type: bigint
    - name: user_agent
      description: The User-Agent HTTP header
      type: string
    - name: referer
      description: The Referer HTTP header
      type: string

schema: Apache.AccessCommon
parser:
    fastmatch:
        match:
            - '%{remote_host_ip_address} %{client_identity_rfc_1413} %{request_user} [%{request_time}] "%{request_method} %{request_uri} %{request_protocol}" %{response_status} %{response_size}'
        emptyValues:
            - '-'
        trimSpace: true
description: Apache HTTP server access logs using the 'common' format
referenceURL: https://httpd.apache.org/docs/current/logs.html#common
fields:
    - name: remote_host_ip_address
      description: This is the IP address of the client (remote host) which made the request to the server. If HostnameLookups is set to On, then the server will try to determine the hostname and log it in place of the IP address.
      type: string
      indicators:
        - hostname
    - name: client_identity_rfc_1413
      description: The RFC 1413 identity of the client determined by identd on the clients machine.
      type: string
    - name: request_user
      description: The userid of the person requesting the document as determined by HTTP authentication.
      type: string
      indicators:
        - username
    - name: request_time
      description: The time that the request was received.
      type: timestamp
      timeFormats:
        - '%d/%b/%Y:%H:%M:%S %z'
      isEventTime: true
    - name: request_method
      description: The HTTP request method
      type: string
    - name: request_uri
      description: The HTTP request URI
      type: string
    - name: request_protocol
      description: The HTTP request protocol
      type: string
    - name: response_status
      description: The HTTP status of the response
      type: smallint
    - name: response_size
      description: The size of the HTTP response in bytes
      type: bigint