Apply Grok to a log file

I have these following logs:

{"type":"audit_entry","created":"5/20/2021, 11:12:42 PM","colaborador_id":"cf7dc62b-dde9-4980-89d8-96eb5707876e","ip":"192.168.112.6","request_method":"PUT","ajax":false,"route":"/stock/artigos/8c443bfe-d077-46d2-805b-948c15534f2c","protocol":"https"}

{"type":"audit_javascript","created":"5/20/2021, 11:12:42 PM","colaborador_id":"cf7dc62b-dde9-4980-89d8-96eb5707876e","origin":"/stock/artigos/8c443bfe-d077-46d2-805b-948c15534f2c","message":"SUCCESS"}

{"type":"audit_entry","created":"5/20/2021, 11:17:30 PM","colaborador_id":"cf7dc62b-dde9-4980-89d8-96eb5707876e","ip":"192.168.112.6","request_method":"PUT","ajax":false,"route":"/stock/artigos/e7fd6fb0-668a-4285-a78e-1c3e2f8ebba4","protocol":"https"}

{"type":"audit_javascript","created":"5/20/2021, 11:17:30 PM","colaborador_id":"cf7dc62b-dde9-4980-89d8-96eb5707876e","origin":"/stock/artigos/e7fd6fb0-668a-4285-a78e-1c3e2f8ebba4","message":"SUCCESS"}

{"type":"audit_entry","created":"5/21/2021, 8:31:00 AM","colaborador_id":"9b3b665d-5c95-4a4b-9ace-a140b1ea9259","ip":"192.168.112.6","request_method":"PUT","ajax":false,"route":"/relacionamento/agendamento/c3058ae8-3c55-45ac-b184-72470b3e1299","protocol":"https"}

How can I use GROK in this case?

It seems like it's not possible to apply grok to this

Why would you want to use a grok filter instead of a json filter?

Sorry, I'm new to the Elastic "world", so I didn't know about the existence of the json filter. Now it seems the json filter is the solution. Thanks for that!

By the way, is it possible to apply grok in this situation?

It is always possible, but not always useful.

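A Logstash filter block for the audit lines in the question, using the json filter suggested in the thread; this is an added example, not a configuration posted by any participant. The `audit` target name and the `timezone` value are assumptions.

```logstash
filter {
  # Each line is one JSON object, so parse it instead of pattern-matching it.
  json {
    source => "message"
    # Assumption: namespace the parsed keys under "audit". The events carry
    # their own "type" and "message" keys, which would otherwise overwrite
    # the Logstash fields of the same name when parsed into the event root.
    target => "audit"
    # Lines that are not valid JSON are tagged _jsonparsefailure by default,
    # so they can be routed or reviewed rather than indexed unparsed.
  }

  # "created" looks like "5/20/2021, 11:12:42 PM":
  # no leading zeros, 12-hour clock, AM/PM marker.
  date {
    match    => ["[audit][created]", "M/d/yyyy, h:mm:ss a"]
    locale   => "en"
    # Assumption: the logs carry no UTC offset, so set the zone the
    # application writes in; otherwise the Logstash host's zone is used.
    timezone => "Etc/UTC"
    target   => "@timestamp"
  }
}
```

With this in place, fields such as `[audit][colaborador_id]`, `[audit][ip]` and `[audit][route]` are available for queries, and `audit_entry` and `audit_javascript` events parse with the same filter even though their keys differ.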