ES|QL Grok parsing

Hello all,

I have this raw log which I want to parse using GROK.

I tried this but can't get it to parse. Appreciate any help I get :slight_smile:

Sample Data
2024-11-05 08:36:53 UTC:ip-10-0-1-111.ap-southeast-1.compute.internal(64610):test_db_user@test_db:[21161]:ERROR: relation "user_table where userId = 1" does not exist at character 15

Grok Pattern
%{SYSLOGBASE2} %{PROG} %{JAVALOGMESSAGE}

The patterns you use are not matching; have a go with this:

%{TIMESTAMP_ISO8601:timestamp} %{TZ:tz}:%{DATA:source}:%{DATA:user}:\[%{NUMBER:pid}\]:%{LOGLEVEL:log_level}:%{GREEDYDATA:message}
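
To check field by field what the suggested pattern captures from the sample line, here is an added example (not code from the thread or from Elastic) that expands the grok pattern into a Python regex and runs it. The entries in `GROK` are simplified stand-ins for the stock pattern definitions, and `NO_PID` is a constructed line.

```python
import re

# Simplified stand-ins for the stock grok definitions used by the pattern
# (assumption: approximations, not copied from the Elastic pattern library).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2}(?:[.,]\d+)?)?",
    "TZ": r"(?:[APMCE][SD]T|UTC)",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|NOTICE|WARN(?:ING)?|ERR(?:OR)?|CRIT(?:ICAL)?|FATAL)",
}

# Pattern and sample line exactly as posted in the thread.
PATTERN = (r"%{TIMESTAMP_ISO8601:timestamp} %{TZ:tz}:%{DATA:source}:%{DATA:user}:"
           r"\[%{NUMBER:pid}\]:%{LOGLEVEL:log_level}:%{GREEDYDATA:message}")
SAMPLE = ('2024-11-05 08:36:53 UTC:ip-10-0-1-111.ap-southeast-1.compute.internal(64610):'
          'test_db_user@test_db:[21161]:ERROR: relation "user_table where userId = 1" '
          'does not exist at character 15')
# Constructed line without the bracketed pid, to show a non-match.
NO_PID = "2024-11-05 08:36:53 UTC:host-a(1):alice@db:ERROR: constructed example"


def grok_to_regex(pattern):
    """Expand %{NAME:field} into a named group and %{NAME} into a plain group."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        return f"(?P<{field}>{GROK[name]})" if field else f"(?:{GROK[name]})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


def parse(line, pattern=PATTERN):
    """Return the extracted fields as a dict, or None when the line does not match."""
    m = grok_to_regex(pattern).search(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    for line in (SAMPLE, NO_PID):
        print(parse(line))
```

The captured `message` begins with the space that follows `ERROR:`, and `source` still contains the parenthesised number after the host name.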