{"body":"#--------------------\n# Tomcat Access  \n#--------------------\n  if [type] == \"apache-access\" and [message] !~ \"GET \\/webapps\\/portal\\/healthCheck HTTP\\/1.0\" {\n    grok {\n      match => [ \"message\", \"%{IP:src_ip} - %{USERNAME:thread_name} %{DATA:suid} \\[%{HTTPDATE:timestamp}\\] \\\"%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\\\" %{NUMBER:status_code} (?<bytes>[\\d-]+) %{QS:http_useragent} \\\"(?<session_data>(-|.*))\\\" %{NUMBER:time_served_s} (?<time_served_ms>(-|%{NUMBER}))\" ]\n    }\n  }","name":"","extension":"txt","url":"https://www.irccloud.com/pastebin/iQS3goDw","modified":1441036758,"id":"iQS3goDw","size":504,"lines":8,"own_paste":false,"theme":"","date":1441036758}