I would like to parse / format a log file that at some point contains the following:
20191016160456 ,PRIORITY,COLOR,APP-NAME~hostname_instance_01, process not found
The first field is a timestamp, the second (PRIORITY) is a priority that can be P1, P2 or P3, followed by a state (COLOR) that can be red, green or yellow, then a description of the app having the issue.
The problem with this is that if I want to use grok, from what I understood, I have no field names like priority: p1, timestamp: xxxxxxx; I have the values themselves. Do you have any example of how I can create a new field with add_field, for example, so that I have Severity containing P1, P2 or P3, State containing green, red and so on, so that I can then make searches on those values?
My aim is to create watchers / alerts based on those values.
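As an added example (not part of the original question or any reply to it), the following Python script does what a grok filter would do for this line format: each named capture in the regex becomes a field, exactly the way `%{PATTERN:fieldname}` in a grok expression names the field it captures, so no separate add_field step is needed to get a Severity or State field. The sample log lines, the field names (severity, state, app_name, host, message) and the alert thresholds are assumptions chosen for the example; the roughly equivalent grok expression is shown in a comment.

```python
import re
from datetime import datetime

# Constructed sample lines in the format from the question (P1/red etc. stand in
# for the PRIORITY/COLOR placeholders). The last line deliberately does not match.
LOG_LINES = [
    "20191016160456 ,P1,red,APP-NAME~hostname_instance_01, process not found",
    "20191016160512 ,P3,green,BILLING~hostname_instance_02, recovered",
    "20191016160530 ,P2,yellow,AUTH~hostname_instance_03, latency above threshold",
    "garbage line that does not match the expected format",
]

# Roughly equivalent grok expression (assumed, for comparison):
#   ^%{NUMBER:timestamp} ?,%{WORD:severity},%{WORD:state},%{DATA:app}, ?%{GREEDYDATA:message}$
# Each (?P<name>...) group below plays the role of %{PATTERN:name} in grok.
LINE_RE = re.compile(
    r"^(?P<timestamp>\d{14})\s*,"          # 14-digit timestamp, optional space before the comma
    r"(?P<severity>[Pp][123])\s*,"         # P1, P2 or P3
    r"(?P<state>red|green|yellow)\s*,"     # colour state
    r"(?P<app>[^,]+?)\s*,\s*"              # APP-NAME~hostname_instance_01
    r"(?P<message>.*)$",                   # free-text description
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    # Normalise case so searches/watchers can rely on exact values.
    event["severity"] = event["severity"].upper()
    event["state"] = event["state"].lower()
    # Convert the compact timestamp into ISO 8601 (what a date filter would do).
    event["@timestamp"] = datetime.strptime(
        event.pop("timestamp"), "%Y%m%d%H%M%S"
    ).isoformat()
    # Split "APP~host" into two fields; host is None if the "~" is absent.
    app, _, host = event.pop("app").partition("~")
    event["app_name"] = app
    event["host"] = host or None
    return event


def parse_lines(lines):
    """Parse many lines; unmatched lines are collected separately, like grok's
    _grokparsefailure tag, so they can be inspected rather than silently dropped."""
    events, failures = [], []
    for line in lines:
        event = parse_line(line)
        (events if event else failures).append(event or line)
    return events, failures


def severity_rank(severity):
    """P1 is the most severe; lower rank means more urgent."""
    return int(severity[1])


def alert_candidates(events, max_severity="P2", states=("red", "yellow")):
    """Select events a watcher would alert on: severity at least as urgent as
    max_severity and state in the given set (thresholds are assumptions)."""
    return [
        e for e in events
        if severity_rank(e["severity"]) <= severity_rank(max_severity)
        and e["state"] in states
    ]


if __name__ == "__main__":
    parsed, bad = parse_lines(LOG_LINES)
    for e in parsed:
        print(e)
    print("unparsed:", bad)
    print("alerts:", [(e["severity"], e["state"], e["app_name"]) for e in alert_candidates(parsed)])
```

Once the fields exist on the event, a watcher or alert is just a query on them (for example severity:P1 AND state:red); the parsing step is what makes those values searchable.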