Hello everyone, I come to the forum to ask if somebody could give a suggestion. I'm trying to take a field from a log event but I'm not having the results that I want.
The field is for the words in bold;
The log looks like this:
2020-03-26 06:11:44,936 INFO IMCEventQueue imc-ice-fixos: IN << 8=FIX.4.2|9=1015|35=UDS|49=ICE|34=1158|52=20200326-05:11:44.796707|56=13953|57=HORIZON|322=6|320=1585199499433|323=4|9052=200|55=5793804|48=L FMM0022-L FMM0024|22=8|207=IFLL|9048=L 99 5793804|167=MLEG|541=20220615|107=Three Month Sterling Future Spr - ICEU - Jun22/Jun24|326=18|762=99|996=point|9064=2|60=20180620-12:53:01.737|9013=0.005|9014=1.0|9083=3.0|9084=0|9061=6423|9030=1|9091=IFLL.L|9092=1|9002=F|9040=0.005|9041=1.0|9100=GBP|9101=GBP / point|9185=3.0|9022=1|9024=1.0|9205=1|9215=1|9300=9824|9301=ICEU|9302=ICEU|9303=L|9200=17|9202=Jun22/Jun24|9062=Three Month Sterling Future Spr|9217=0|9070=12|9071=0|9072=K|9073=1000.0|9071=1|9072=K|9073=1.0|9071=2|9072=K|9073=6000.0|9071=3|9072=K|9073=17.0|9071=0|9072=4|9073=3000.0|9071=1|9072=4|9073=1.0|9071=2|9072=4|9073=1.0|9071=3|9072=4|9073=17.0|9071=0|9072=AA|90
2020-03-26 05:10:06,703 INFO Timer-ll-Indicators-6 IndicatorSet-IBus-Server: IBus-Server: root[LocalPort=-1] clients[NbTCP=0 MaxTCP=300 NbLocal=4] Memory[Consumed=251MB Free=473MB Max=911MB Total=724MB] CPU[Current=0.01% Average=0.02% Cores=0.00 Max=0.57% AvailableProcessors=28]
2020-03-25 07:00:21,642 INFO IMC-DICT_QUEUE DictUpdates: Publishing dictionary event: DictEvent[100814987 INSERTED]
......
Would you mind giving me a suggestion?
I'm trying with this pattern in grok:
%{TIMESTAMP_ISO8601:logdate} %{LOGLEVEL:logLevel} %{GREEDYDATA:thread_name} %{SPACE} %{WORD:class_name}:%{GREEDYDATA:text}
but it only works good for the "type3" raw in the event.
Thanks so much,