Capturing all messages in a log

I'm trying to capture all the messages in a log.

For example, we get this log that contains 6 messages.

"message":["18.59.43 STC47873 +LRGPSEVRI\u000007/29/20 18:59:43 I West Logged on to Tandem/Base24.","18.59.43 STC47873 +LRGPSEVRI\u000007/29/20 18:59:43 I West Logged off from Tandem/Base24.","18.59.43 STC47873 +LRGPSEVRI\u000007/29/20 18:59:43 I West Environment reset ok","18.59.43 STC47873 +LRGPSEVRE\u000007/29/20 18:59:43 E West Maximum resets occurred for task","18.59.43 STC47873 +LRGPSEVRE\u000007/29/20 18:59:43 E West Base24/Tandem comm error . Run job PRGSWSVR when resolved.","18.59.43 STC47873 +LRGPSEVRI\u000007/29/20 18:59:43 I West Server is ending","\u0000 "],"seq":{"w":"3","c":"32347"}}

All of these messages match the same grok pattern that I coded.
However, I noticed that once a grok found a match in one of the messages, it will ignore the rest of the logs.

Is it possible to capture all 6 messages and send them to Kibana?

I would greatly appreciate any suggestions. Needless to say, I am new to grok and I tried everything I found on Google, but nothing seems to work for this particular case.

Thank you.

Welcome to our community! :smiley:

You probably want to use something like dissect to split the message before you run grok on each one.

Thanks, Mark, for the welcome and suggestions. :slight_smile:
I will look dissect up.
The problem with the log we are getting is that we don't get the same number of messages in it.
Sometimes we only get 1 and sometimes more than that, and it can reach up to 20, from the cases I've seen.

I have yet to see the result of the stack trace I read about and applied. I'm not hopeful.
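As an added illustration (not code from anyone in this thread), the Python sketch below shows the per-entry logic the thread is after: take the `message` array whatever its length, skip the trailing NUL filler, and emit one parsed event per entry so an error entry is never hidden behind the first match. The field names (`job_time`, `job`, `msg_id`, `level`, `site`, `text`) and the `_parse_failure` tag are assumptions made for the example.

```python
import json
import re

# Constructed sample: the log line from the question, shortened to two
# entries plus the trailing NUL filler, with the opening brace restored.
SAMPLE = (
    r'{"message":["18.59.43 STC47873 +LRGPSEVRI\u000007/29/20 18:59:43 I West '
    r'Logged on to Tandem/Base24.","18.59.43 STC47873 +LRGPSEVRE\u000007/29/20 '
    r'18:59:43 E West Maximum resets occurred for task","\u0000 "],'
    r'"seq":{"w":"3","c":"32347"}}'
)

# One entry = job prefix, a NUL separator, then the dated application message.
# Group names are hypothetical labels, not an official field list.
ENTRY = re.compile(
    r"(?P<job_time>\d{2}\.\d{2}\.\d{2}) (?P<job>\S+) \+(?P<msg_id>[^\x00\s]+)"
    r"\x00(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<level>[A-Z]) (?P<site>\S+) (?P<text>.*)"
)


def split_events(raw_line):
    """Return one event dict per usable entry in the record's message array."""
    doc = json.loads(raw_line)
    entries = doc.get("message", [])
    if isinstance(entries, str):          # a record carrying a single message
        entries = [entries]
    events = []
    for entry in entries:
        if not entry.replace("\x00", "").strip():
            continue                      # trailing "\u0000 " filler entry
        match = ENTRY.fullmatch(entry)
        if match:
            event = match.groupdict()
        else:
            # Keep unparsed entries visible instead of silently dropping them.
            event = {"text": entry.replace("\x00", " "),
                     "tags": ["_parse_failure"]}
        event["seq"] = doc.get("seq")     # carry the shared sequence info along
        events.append(event)
    return events


if __name__ == "__main__":
    for ev in split_events(SAMPLE):
        print(ev["level"] if "level" in ev else "?", ev["text"])
```

Each returned dict corresponds to one document to index, so a record with 1 entry and a record with 20 entries go through the same path.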
