Cover empty request data, url and version in Apache2 module (#10846)

CHANGELOG.next.asciidoc

@@ -99,6 +99,7 @@ https://github.com/elastic/beats/compare/v6.6.0...6.x[Check the HEAD diff]
 - Make elasticsearch/audit fileset be more lenient in parsing node name. {issue}10035[10035] {pull}10135[10135]
 - Fix bad bytes count in `docker` input when filtering by stream. {pull}10211[10211]
 - Fixed data types for roles and indices fields in `elasticsearch/audit` fileset {pull}10307[10307]
+- Cover empty request data, url and version in Apache2 module{pull}10846[10846]
 
 *Heartbeat*
 

filebeat/module/apache2/access/ingest/default.json

@@ -4,7 +4,7 @@
     "grok": {
       "field": "message",
       "patterns":[
-          "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"%{WORD:apache2.access.method} %{DATA:apache2.access.url} HTTP/%{NUMBER:apache2.access.http_version}\" %{NUMBER:apache2.access.response_code} (?:%{NUMBER:apache2.access.body_sent.bytes}|-)( \"%{DATA:apache2.access.referrer}\")?( \"%{DATA:apache2.access.agent}\")?",
+          "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"(?:%{WORD:apache2.access.method} %{DATA:apache2.access.url} HTTP/%{NUMBER:apache2.access.http_version}|-)?\" %{NUMBER:apache2.access.response_code} (?:%{NUMBER:apache2.access.body_sent.bytes}|-)( \"%{DATA:apache2.access.referrer}\")?( \"%{DATA:apache2.access.agent}\")?",
           "%{IPORHOST:apache2.access.remote_ip} - %{DATA:apache2.access.user_name} \\[%{HTTPDATE:apache2.access.time}\\] \"-\" %{NUMBER:apache2.access.response_code} -",
         "\\[%{HTTPDATE:apache2.access.time}\\] %{IPORHOST:apache2.access.remote_ip} %{DATA:apache2.access.ssl.protocol} %{DATA:apache2.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:apache2.access.url} HTTP/%{NUMBER:apache2.access.http_version}\" %{NUMBER:apache2.access.body_sent.bytes}"
         ],
@@ -23,11 +23,13 @@
     "date": {
       "field": "apache2.access.time",
       "target_field": "@timestamp",
-      "formats": ["dd/MMM/yyyy:H:m:s Z"]
+      "formats": ["dd/MMM/yyyy:H:m:s Z"],
+      "ignore_failure": true
     }
   }, {
     "remove": {
-      "field": "apache2.access.time"
+      "field": "apache2.access.time",
+      "ignore_failure": true
     }
   }, {
     "user_agent": {

filebeat/module/apache2/access/test/test.log

@@ -2,3 +2,4 @@
 192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] "GET /hello HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0"
 ::1 - - [26/Dec/2016:16:16:48 +0200] "-" 408 -
 172.17.0.1 - - [29/May/2017:19:02:48 +0000] "GET /stringpatch HTTP/1.1" 404 612 "-" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2" "-"
+127.0.0.1 - - [02/Feb/2019:05:38:45 +0100] "-" 408 152 "-" "-"

filebeat/module/apache2/access/test/test.log-expected.json

@@ -77,5 +77,24 @@
         "input.type": "log",
         "offset": 285,
         "prospector.type": "log"
+    },
+    {
+        "@timestamp": "2019-02-02T04:38:45.000Z",
+        "apache2.access.body_sent.bytes": "152",
+        "apache2.access.referrer": "-",
+        "apache2.access.remote_ip": "127.0.0.1",
+        "apache2.access.response_code": "408",
+        "apache2.access.user_agent.device": "Other",
+        "apache2.access.user_agent.name": "Other",
+        "apache2.access.user_agent.original": "-",
+        "apache2.access.user_agent.os": "Other",
+        "apache2.access.user_agent.os_name": "Other",
+        "apache2.access.user_name": "-",
+        "event.dataset": "apache2.access",
+        "fileset.module": "apache2",
+        "fileset.name": "access",
+        "input.type": "log",
+        "offset": 443,
+        "prospector.type": "log"
     }
 ]