Hi,
I am stuck finding a pattern for my logs.
Please help.
Logs are of type:
"[INFO ] [19:37:08.327] [RSP] |ADD|IOrd 8|EOrd 1100000000011338|ESeq 76038132743205|Strm 3|Error 0|ProcessExchAddResp"
I have made a grok pattern like this:
grok { match => { "message" => " %{SYSLOG5424SD:syslog1} %{SYSLOG5424SD:syslog2} %{SYSLOG5424SD:syslog3}%{LOGLEVEL:loglevel} %{GREEDYDATA:junk1} IOrd %{INT:order} %{GREEDYDATA:junk2}" ]"}}
Basically, I want a new field for IOrd, whose value is 8, and one for Error in this log, so that I can search in Kibana for a specific value of IOrd.
Thanks in advance
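One way to get IOrd and Error as their own fields, as an added example that is not part of the original post: grok parses the three bracketed prefixes, then the kv filter splits the pipe-delimited remainder. The field names `log_time`, `msg_type` and `body` and the failure tag are assumptions chosen for illustration, and the surrounding double quotes in the sample are assumed not to be part of the actual log line.

```logstash
filter {
  # Brackets and the pipe are regex metacharacters, so they are escaped.
  # "\s*" absorbs the padding inside "[INFO ]". Everything after the first
  # pipe is kept in a temporary "body" field for the kv filter below.
  grok {
    match => {
      "message" => "^\[%{LOGLEVEL:loglevel}\s*\] \[%{TIME:log_time}\] \[%{WORD:msg_type}\] \|%{GREEDYDATA:body}$"
    }
    # Distinct tag (assumed name) so lines that do not fit can be found in Kibana.
    tag_on_failure => ["_exch_prefix_parse_failure"]
  }

  # "IOrd 8|EOrd 1100000000011338|...|Error 0": "|" separates the pairs and a
  # space separates key from value. Tokens with no value (ADD,
  # ProcessExchAddResp) are not key/value pairs and produce no field.
  kv {
    source       => "body"
    field_split  => "|"
    value_split  => " "
    include_keys => ["IOrd", "EOrd", "ESeq", "Strm", "Error"]
  }

  # kv emits strings; convert the two fields that will be searched numerically
  # and drop the temporary field.
  mutate {
    convert      => { "IOrd" => "integer" "Error" => "integer" }
    remove_field => ["body"]
  }
}
```

With the sample line above this yields `IOrd` = 8 and `Error` = 0 as integer fields, so a Kibana query such as `IOrd:8` matches on the field rather than on the raw message text.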