I'm working on a categorization of results based on what is in the logs. I thought that if I aggregated the categories from the file and matched on those I could achieve the desired result. Could someone point me in the right direction please? I've been reading the documentation forever, but I find that I might resort to using Ruby code and implementing it with grok, but again I'm not sure how to approach that.
Example log info:
2017/20/01 [Type1] Information is here
2017/21/01 [Type2] Information is here too
2017/21/01 [Type3] Information isn't here.
Please note that I will not be aware of the types right until I parse them in, but I'd like my data to be grouped into separate types and contain dates and messages inside. Does anyone have any ideas about how I could approach this? Also, some of the logs will be multi-line like this:
2017/22/01 [Type1] Information recieved:
---------------------
Information string 1: String
Information string 2: Hello
Information string 3: Out of ideas
2017/23/01[Type6] Another string
So I can see that multiline handling in this situation would be best.
Anyone with any insights, please get back to me; it will be truly appreciated.
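An added example, not from the poster, of the grouping described in the question in plain Ruby: a record starts with a date followed by a bracketed type, every other line is treated as a continuation of the record before it, and the records are then grouped by type without the types being known in advance. The sample log text is constructed from the lines quoted above; the regular expression and function names are this example's own, not anything from grok or Logstash, but the "a new record begins with a date" rule is the same rule a multiline codec or filter would be given.

```ruby
# Constructed sample input modelled on the log lines in the question.
SAMPLE_LOG = <<~LOG
  2017/20/01 [Type1] Information is here
  2017/21/01 [Type2] Information is here too
  2017/21/01 [Type3] Information isn't here.
  2017/22/01 [Type1] Information recieved:
  ---------------------
  Information string 1: String
  Information string 2: Hello
  Information string 3: Out of ideas
  2017/23/01[Type6] Another string
LOG

# A record starts with a date, optional whitespace, then a bracketed type.
# The date is kept as a string because the sample's field order is not
# something the parser should guess at. Lines that do not match this
# pattern are continuation lines belonging to the previous record.
RECORD_START = %r{\A(?<date>\d{4}/\d{2}/\d{2})\s*\[(?<type>[^\]]+)\]\s*(?<message>.*)\z}

# Split raw log text into an array of {date:, type:, message:} hashes,
# folding multi-line entries into the message of their opening line.
def split_records(text)
  records = []
  text.each_line(chomp: true) do |line|
    if (m = RECORD_START.match(line))
      records << { date: m[:date], type: m[:type], message: m[:message] }
    elsif records.any?
      # Continuation line: append to the open record's message.
      records.last[:message] = [records.last[:message], line].join("\n")
    end
    # A continuation line seen before any record has started is dropped.
  end
  records
end

# Group records by their bracketed type; each type maps to a list of
# {date:, message:} entries, so types never seen before just appear as new keys.
def group_by_type(text)
  split_records(text).group_by { |r| r[:type] }.transform_values do |recs|
    recs.map { |r| { date: r[:date], message: r[:message] } }
  end
end

if __FILE__ == $PROGRAM_NAME
  group_by_type(SAMPLE_LOG).each do |type, entries|
    puts "#{type}: #{entries.size} entr#{entries.size == 1 ? 'y' : 'ies'}"
    entries.each { |e| puts "  #{e[:date]} -> #{e[:message].lines.first.strip}" }
  end
end
```

The ordering matters: the record-start check runs before the continuation branch, so a stray line that happens to begin with a date but lacks a bracketed type is still folded into the previous record rather than silently starting a typeless one.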