One raw log line (which is multi-line):
12:18:03.220396 IP 192.168.236.21.49851 > 192.168.0.6.443: Flags [P.], seq 750523337:750523854, ack 944158970, win 2064, options [nop,nop,TS val 2748450207 ecr 2209508457], length 517
E..9..@.@..P............,...8F......B......
......li..................@......Ma..A..'.p.....e.V ...^..%..B...}V..k..0..Zk.zp...............,.+...0./...
. ........
...........t4.mycompany.com..........
...
.......................h2.http/1.1..........................................3.+.)........ ..D.;.M.....f....F...3..$......b.-.....+...JJ....................................................................................................................................................................................................................................
LogQL like this:
{job="tcpdump", app="https"} | pattern "<time> IP <src> > <dst>: <_> <domain(domname)> <_>" | line_format "{{.time}} {{.src}} accessed {{.domname}}, {{.dst}}"
Expected output log:
12:18:03.220396 192.168.236.21.49851 accessed t4.mycompany.com, 192.168.0.6.443
Or is there any suggested way, if this is not supported?
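As an added example that is not part of the post, here is the extraction the query above is trying to express, written in Python so it can be checked against the quoted record: the header fields are parsed, and the hostname is located in the payload with a heuristic (lowercase labels of at least two characters ending in an alphabetic TLD) because a printable-only dump turns the SNI length prefix into dots and leaves nothing else to anchor on. The sample record and the second no-ClientHello record are constructed from the lines quoted above, and the `summarise` function is a hypothetical name.

```python
import re
from typing import Optional

# Constructed sample: the tcpdump record quoted in the post, joined with
# newlines exactly as Loki would store it as one multi-line log line.
SAMPLE = "\n".join([
    "12:18:03.220396 IP 192.168.236.21.49851 > 192.168.0.6.443: Flags [P.], "
    "seq 750523337:750523854, ack 944158970, win 2064, "
    "options [nop,nop,TS val 2748450207 ecr 2209508457], length 517",
    "E..9..@.@..P............,...8F......B......",
    "......li..................@......Ma..A..'.p.....e.V ...^..%..B...}V..k..0..Zk.zp....,.+...0./...",
    ". ........",
    "...........t4.mycompany.com..........",
    "...",
    ".......................h2.http/1.1..........3.+.)........ ..D.;.M.....f....F...",
])

# Header: "<time> IP <src> > <dst>: ..." on the first line only.
HEADER_RE = re.compile(r"^(?P<time>\S+) IP (?P<src>\S+) > (?P<dst>\S+): ")

# Hostname heuristic for the printable-only payload: every label at least two
# lowercase chars, final label alphabetic, not glued to other label chars.
# Short junk such as "e.V" or "Zk.zp" from the binary bytes does not qualify;
# the ALPN token "h2.http/1.1" would, but the SNI comes first in this capture,
# so the first match is taken.
HOST_RE = re.compile(
    r"(?<![a-z0-9-])[a-z0-9-]{2,}(?:\.[a-z0-9-]{2,})*\.[a-z]{2,}(?![a-z0-9-])"
)


def summarise(record: str) -> Optional[str]:
    """Return '<time> <src> accessed <host>, <dst>' or None if no host found."""
    header, _, payload = record.partition("\n")
    hdr = HEADER_RE.match(header)
    if not hdr:
        return None
    host = HOST_RE.search(payload)  # search the packet bytes, not the header
    if not host:
        return None
    return f"{hdr['time']} {hdr['src']} accessed {host.group(0)}, {hdr['dst']}"


if __name__ == "__main__":
    print(summarise(SAMPLE))
```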