I have a log that looks like this:
2020-01-24 06:49:05] local.ERROR: syntax error, unexpected ''/home);' (T_ENCAPSED_AND_WHITESPACE) {"exception":"[object] (Symfony\Component\Debug\Exception\FatalThrowableError(code: 0): syntax error, unexpected ''/home);' (T_ENCAPSED_AND_WHITESPACE) at /var/www/html/test.com/app/Http/Controllers/HomeController.php:10)
And I have a filter conf that looks like this:
filter
{
  grok {
    match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}\: %{GREEDYDATA:issue}" }
  }
  mutate {
    add_field => {
      "opsgenieAction" => "create"
      "description" => "EMERGENCY"
      "actions" => ["Restart", "Fixing Bug"]
      "tags" => ["Error"]
      "[details][prop1]" => "val1"
      "[details][prop2]" => "val2"
      "entity" => "Laravel Application"
      "priority" => "P1"
      "source" => "ce006"
      "user" => "custom user"
      "note" => "alert is created"
    }
  }
}
The grok match filter gives back the result:
"message" => "{"@timestamp":"2020-01-24T07:46:58.365088+00:00","@source":"ce006","@fields":{"channel":"local","level":400,"ctxt_exception":{"class":"Symfony\\Component\\Debug\\Exception\\FatalThrowableError","message":"syntax error, unexpected ''/home);' (T_ENCAPSED_AND_WHITESPACE)","code":0,"file":"/var/www/html/test.com/app/Http/Controllers/HomeController.php:10","trace":.....
"@issue":"syntax error, unexpected ''/home);' (T_ENCAPSED_AND_WHITESPACE)","@tags":["local"]}\n",
I want to extract the issue element and overwrite the message match filter so I just get the issue about what's happening on my application. Any suggestions on how to do this?
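
One way to do this, as an added example that is not part of the original post: it handles both message shapes shown above, the JSON event carrying "@issue" and the plain bracketed Laravel line. The temporary field name "parsed" is an assumption; the pattern and other field names are the ones from the post.

```logstash
filter {
  if [message] =~ /^\s*\{/ {
    # JSON-formatted event (second sample): decode it into a temporary
    # field, then replace "message" with the decoded "@issue" value.
    json {
      source => "message"
      target => "parsed"    # "parsed" is a hypothetical temporary field name
    }
    if [parsed][@issue] {
      mutate {
        replace      => { "message" => "%{[parsed][@issue]}" }
        remove_field => ["parsed"]
      }
    }
  } else {
    # Plain Laravel line (first sample): capture the trailing text straight
    # into "message" and let grok overwrite the original value.
    grok {
      match     => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}\: %{GREEDYDATA:message}" }
      overwrite => ["message"]
    }
  }
}
```

Events that fail either step keep their original message and are tagged _jsonparsefailure or _grokparsefailure by default, so they can be routed separately instead of raising an alert with an unparsed body.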