Adding a pattern in grok file in Logstash Grok File - Creating Grok Pattern

Elastic Stack Logstash
1

Hi,

Here is my log pattern for which I need to write the grok for:

Log Pattern :
2016-12-05 17:31:10:675 WARNI Received signal: SIGTERM [OSignalHandler]

Another log pattern :
2016-12-05 16:52:12:805 SEVER Unable to listen for connections using configured hosts [OServerNetworkListener]

I see the grok file in logstash folder in
C:\logstash-5.0.0\logstash-5.0.0\vendor\bundle\jruby\1.9\gems\logstash-patterns-core-4.0.2\patterns..

In grok-patterns file - there is log-level:
LOGLEVEL ([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

I want to add WARNI and SEVER present in my log to this Pattern.

Can anyone help on this?

Thanks !

2

I tried adding like SEVER and WARNI like this :

LOGLEVEL1 ([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arni?(?:ng)?|WARNI?(?:NG)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]ever|SEVER|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

But getting grokparsefailure.

3

Please show what your grok filter looks like.

4

thanks for your reply Magnus. It is working for me now. there was an issue with the patterns file where I was trying to write a custom grok.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.