Extract logs from a file that start with a line and end with a known line; do this for the whole file using Logstash

input {
  file {
    path => "C:/Users/user/Documents/Logstash/mylogs/spa2.log"
    start_position => "beginning"
  }
}
filter {
  if "SPAHGW:31 32 30 30                                      :004:: 1200" in [message] {
    grok {
      match => { "message" => "^SPAHGW:31 32 30 30                                      :004:: 1200 %{GREEDYDATA:start_message}" }
    }
  }
  
  if "SPAHGW:39 39                                            :032:: 99" in [message] {
    grok {
      match => { "message" => "^SPAHGW:39 39                                            :032:: 99 %{GREEDYDATA:end_message}" }
    }
  }
}

I'm trying to ingest logs from this line SPAHGW:31 32 30 30 :004:: 1200
and include all the lines in between up to this line SPAHGW:39 39 :032:: 99. I'm able to get from the start line, but getting the logs up to the second line isn't working, and ingesting logs starting with different lines too.
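
The start-to-end extraction the post asks about, as an added example that is not part of the original post and is standalone Ruby rather than Logstash configuration: it keeps state across lines, which the per-line `grok` conditionals above cannot do because each line reaches the filter as its own event. The `extract_blocks` name, the `\s+` match for the marker padding and the sample lines are assumptions constructed for illustration.

```ruby
# Marker text is taken from the post; the run of spaces inside each marker is
# matched with \s+ (an assumption, so the exact padding width does not matter).
START_RE = /\ASPAHGW:31 32 30 30\s+:004:: 1200/
END_RE   = /\ASPAHGW:39 39\s+:032:: 99/

# Returns [blocks, discarded]. Each block is the array of lines from a start
# marker through its matching end marker, inclusive.
def extract_blocks(lines)
  blocks, discarded = [], []
  current = nil                       # nil means "outside a block"
  lines.each do |raw|
    line = raw.chomp
    if line =~ START_RE
      # A start marker while a block is still open means the earlier block
      # never closed; set it aside instead of merging two records.
      discarded.concat(current) if current
      current = [line]
    elsif current
      current << line
      if line =~ END_RE
        blocks << current
        current = nil
      end
    else
      discarded << line               # noise, or an end marker with no start
    end
  end
  discarded.concat(current) if current  # input ended inside a block
  [blocks, discarded]
end

# Constructed sample input (not from a real log).
SAMPLE = <<~LOG
  SPAHGW:00 00          :001:: noise before first block
  SPAHGW:31 32 30 30                                      :004:: 1200 first
  SPAHGW:aa bb          :010:: body line 1
  SPAHGW:39 39                                            :032:: 99 done
  SPAHGW:39 39                                            :032:: 99 stray end
  SPAHGW:31 32 30 30                                      :004:: 1200 unterminated
  SPAHGW:31 32 30 30                                      :004:: 1200 second
  SPAHGW:cc dd          :011:: body line 2
  SPAHGW:39 39                                            :032:: 99 done
LOG

if __FILE__ == $PROGRAM_NAME
  blocks, discarded = extract_blocks(SAMPLE.lines)
  blocks.each_with_index { |b, i| puts "block #{i + 1}:", b.map { |l| "  #{l}" } }
  puts "discarded: #{discarded.size} line(s)"
end
```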
