Cant parse correctly

Alexandros888 · November 27, 2019, 11:42am

Hello,

I want to parse the following message:

<155>##preprod_AISAMSWEB##: 2019-11-25 16:08:34,876 [ERROR] QT_WebEvents - System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.

I parse it with the following Grok Pattern:

<%{NUMBER:u_n_1}>%{GREEDYDATA:messageTEST}##%{WORD:hostname}##: %{TIMESTAMP_ISO8601:timestamp} %{DATA:loglevel} %{WORD:logger} %{GREEDYDATA:message}

The results are the following:

{
"hostname": "preprod_AISAMSWEB",
"loglevel": "[ERROR]",
"logger": "QT_WebEvents",
"u_n_1": "155",
"message": "- System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.",
"messageTEST": "",
"timestamp": "2019-11-25 16:08:34,876"
}

Nevertheless, i want to have the loglevel variable without the symbols.
I want the loglevel variable to contain the price ERROR instead of [ERROR].

Can someone help?

Thank you

Badger · November 27, 2019, 4:39pm

Use

\[%{DATA:loglevel}\]

Alexandros888 · November 28, 2019, 7:14am

thank you a lot it works smoothly now :). Where can i find more use cases like this..i mean do you know a link or a book that provides all kind of examples?

system · December 26, 2019, 7:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I need to parse this log message format Logstash	11	2427	April 2, 2019
Logstash _grokparsefailure error Logstash	21	8102	July 19, 2017
Having problems parsing data Logstash	4	305	February 18, 2021
Help with particular grok pattern (SOLVED) Logstash	3	750	October 19, 2017
How Can I parse why I got the error tag : _grokparsefailure Logstash	4	2424	July 6, 2017

Cant parse correctly

Related topics