Assistance with grok

Blake_2112 · February 9, 2018, 11:11pm

I'm a bit stuck when determining a pattern to capture what I need from my logfile.

To start, the logfile columns are variable. Thus, the line in the log could have 5 pieces of information, the next line 10.

2017/01/18 04:55:53.278-0500 EventExp25B5 PESecondary2 [Error] Unexpected

None the less, I'm successful in grabbing the log information with the following grok statement:

%{YEAR}[/]%{MONTHNUM}[/]%{MONTHDAY} %{TIME}[-]%{INT:offset} %{GREEDYDATA:info}

What I would like to do is to capture the date (already doing) then grab the remainder of the data to the first bracket (severity), then GREEDY the remainder.

Just a bit stuck.

Suggestions?

Blake_2112 · February 9, 2018, 11:31pm

I believe I resolved my own issue.

The following seems to work:

%{YEAR}[/]%{MONTHNUM}[/]%{MONTHDAY} %{TIME}[-]%{INT:offset} %{DATA:info} [%{DATA:Severity}] %{GREEDYDATA:message}

system · March 9, 2018, 11:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.