Assistance with grok

Blake_2112 · February 9, 2018, 11:11pm

I'm a bit stuck when determining a pattern to capture what I need from my logfile.

To start, the logfile columns are variable. Thus, the line in the log could have 5 pieces of information, the next line 10.

2017/01/18 04:55:53.278-0500 EventExp25B5 PESecondary2 [Error] Unexpected

None the less, I'm successful in grabbing the log information with the following grok statement:

%{YEAR}[/]%{MONTHNUM}[/]%{MONTHDAY} %{TIME}[-]%{INT:offset} %{GREEDYDATA:info}

What I would like to do is to capture the date (already doing) then grab the remainder of the data to the first bracket (severity), then GREEDY the remainder.

Just a bit stuck.

Suggestions?

Blake_2112 · February 9, 2018, 11:31pm

I believe I resolved my own issue.

The following seems to work:

%{YEAR}[/]%{MONTHNUM}[/]%{MONTHDAY} %{TIME}[-]%{INT:offset} %{DATA:info} [%{DATA:Severity}] %{GREEDYDATA:message}

system · March 9, 2018, 11:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extracting fields from GREEDY data in GROK Logstash	2	2340	August 30, 2017
Parse date and time to timestamp using grok pattern Logstash	6	3025	July 28, 2022
Help needed in grok Logstash	5	2646	February 6, 2020
Grok Filter Pattern with Comma Logstash	8	14310	July 6, 2017
Grok pattern Logstash	3	254	November 10, 2021

Assistance with grok

Related topics