Creating pattern issue

11 Apr 2018 10:40:11,306 | WARN | TalendMP1555Prod | rg.apache.camel.util.CamelLogger 182 | 161 - org.apache.camel.camel-core - 2.15.4 | A20180411.1015+0100-1030+0100_15310.xml.gz

For this grok pattern is creeating an issue.


%{S3_REQUEST_LINE} %{CISCO_REASON} etc. seem to be custom patterns.
Did you define them?

Here are the default grok patterns for logstash.

Also, the input message has | in it, which you don't seem to handle.

By the way, since | seems to be functioning as a delimiter, using the dissect filter would be easier and also more efficient performance-wise.

edit: oh, or is %{S3_REQUEST_LINE} == "|" ?

Ho wcan we write pattern for the full line.

I've never done dissect before, but let's see.

dissect {
	mapping => {
		"message" => "%{field1} | %{field2} | %{field3} | %{field4} | %{field5} | %{field6}"

Name the fields field1, field2... etc. how you want to.
You can create more fields if you want to. Eg. with the dissect above field4 would look like this:

[field4] = "rg.apache.camel.util.CamelLogger 182"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.