This is taken straight from fluentd, but I always forget it, so here is a note.
format = /^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) [^ ]* "(?<agent>[^\"]*)"$/
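# Constructed sample line in Apache access log format
line = '192.168.0.1 - - [10/Jul/2013:13:53:15 +0900] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"'
m = format.match(line)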
puts m[:host] # 192.168.0.1
puts m[:time] # 10/Jul/2013:13:53:15 +0900
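An added example, not part of the original memo or of fluentd: the same pattern wrapped in a parser that returns nil for lines that do not match (where `m[:host]` would raise on nil), converts the time, status and size fields, and counts 4xx/5xx responses per host. The names `parse_access_line` and `summarize` and the sample lines are constructed for illustration.

```ruby
require 'time'

# Same pattern as in the memo above.
APACHE_FORMAT = /^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) [^ ]* "(?<agent>[^\"]*)"$/
TIME_FORMAT = '%d/%b/%Y:%H:%M:%S %z'

# Constructed sample input: three normal requests, one empty request, one junk line.
SAMPLE_LINES = [
  '192.168.0.1 - - [10/Jul/2013:13:53:15 +0900] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
  '192.168.0.2 - alice [10/Jul/2013:13:53:16 +0900] "POST /login HTTP/1.1" 401 - "-" "curl/7.30.0"',
  '192.168.0.2 - - [10/Jul/2013:13:53:17 +0900] "POST /login HTTP/1.1" 401 - "-" "curl/7.30.0"',
  '192.168.0.3 - - [10/Jul/2013:13:53:18 +0900] "-" 408 - "-" "-"',
  'this is not an access log line'
].freeze

# Returns a Hash of typed fields, or nil when the line does not match
# or a field cannot be converted (bad timestamp, non-numeric status).
def parse_access_line(line)
  m = APACHE_FORMAT.match(line.chomp)
  return nil unless m
  {
    host: m[:host],
    user: m[:user] == '-' ? nil : m[:user],
    time: Time.strptime(m[:time], TIME_FORMAT),
    method: m[:method],
    path: m[:path],                                  # nil for a request of "-"
    code: Integer(m[:code], 10),
    size: m[:size] == '-' ? 0 : Integer(m[:size], 10),
    agent: m[:agent]
  }
rescue ArgumentError
  nil
end

# Splits lines into parsed records and rejected raw lines, and counts
# responses with status >= 400 per client host.
def summarize(lines)
  parsed = []
  rejected = []
  lines.each do |l|
    rec = parse_access_line(l)
    if rec then parsed << rec else rejected << l end
  end
  errors = parsed.select { |r| r[:code] >= 400 }
                 .group_by { |r| r[:host] }.transform_values(&:size)
  { parsed: parsed, rejected: rejected, errors_by_host: errors }
end

p summarize(SAMPLE_LINES)[:errors_by_host]
```

Keeping the rejected lines rather than dropping them makes it visible when the log format changes or when a request contains characters the pattern does not allow.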