[CLOSED]Grok pattern - Help

Hello,

My logs are like this, the part I'm interested in is after the absolute time, but if I need use all of the fields there is no problem.

Aug 9 05:54:25 centos-2gb-lon1-01-bro bro_conn: 1502257999.489181 CHQPvB4hjHMzYqx 8Si 178.62.0.46 51199 87.242.168.84 123 udp - 0.016671 0 48 SHR F F 0 Cd 0 0 1 76 (empty)

Aug 9 05:54:25 centos-2gb-lon1-01-bro bro_conn: 1502257999.489181 CHQPvB4hjHMzYqx 8Si 178.62.0.46 51199 87.242.168.84 123 udp - 0.016671 0 48 SHR F F 0 Cd 0 0 1 76 (empty)

Aug 9 05:55:15 centos-2gb-lon1-01-bro bro_conn: 1502258106.470555 CffsI84ZfHek1wg Bl9 198.20.69.74 46640 178.62.0.46 3780 tcp - 0.000060 0 0 REJ F F 0 Sr 1 40 1 40 (empty)

Aug 9 05:55:15 centos-2gb-lon1-01-bro bro_conn: 1502258106.470555 CffsI84ZfHek1wg Bl9 198.20.69.74 46640 178.62.0.46 3780 tcp - 0.000060 0 0 REJ F F 0 Sr 1 40 1 40 (empty)

Aug 9 05:55:15 centos-2gb-lon1-01-bro bro_conn: 1502258108.523194 C1rBUa2o3kkL4FH fq7 217.219.43.225 25885 178.62.0.46 23 tcp - 0.000032 0 0 REJ F F 0 Sr 1 40 1 40 (empty)

Thanks for your help,

Pedro Cabral

I don't get the question. An example of the desired result might help.

Did you try the grok constructor web site?

Hello Magnusbaeck,

My goal is to create a json with all the values of the message.
I'm using the grok constructor my problem right now is the :.

Thanks for your help,

Best Regards,
Pedro Cabral

My goal is to create a json with all the values of the message.

Okay.

I’m using the grok constructor my problem right now is the :.

The colon? What about it?

It wasn't allowing me to parse the rest of the log but i could solve it.
Thx anyways

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.