Hi Team,
I'm trying filter following log message,
[2022-07-06T20:54:20.471-0700] [LogLevel:INFO] [ServerName:xyz.vcn.com] [IP:10.x.x.66][AppName:IoT] [FlowName: updateDevice] [ID:2022-07-06 20:54:20.471] [ECID:yja_Y1ega00000000] [MSG:Started]
Pattern that I'm trying,
%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:logLevel} %{DATA:host}.%{GREEDYDATA:domain} %{IP:clientIP} %{GREEDYDATA:message}
In my log, I have a [LogLevel:INFO] . Can someone please help me on this in building a grok match.
Hi @Rao_Nelakurti ,
Please use below GROK:
\[%{TIMESTAMP_ISO8601:timestamp}\]\s*\[LogLevel:%{LOGLEVEL:logLevel}\]\s*\[ServerName:%{DATA:host}\]\s*\[IP:%{IP:ip}\]
{
"timestamp": [
[
"2022-07-06T20:54:20.471-0700"
]
],
"YEAR": [
[
"2022"
]
],
"MONTHNUM": [
[
"07"
]
],
"MONTHDAY": [
[
"06"
]
],
"HOUR": [
[
"20",
"07"
]
],
"MINUTE": [
[
"54",
"00"
]
],
"SECOND": [
[
"20.471"
]
],
"ISO8601_TIMEZONE": [
[
"-0700"
]
],
"logLevel": [
[
"INFO"
]
],
"host": [
[
"xyz.vcn.com"
]
],
"ip": [
[
"10.1.2.66"
]
],
"IPV6": [
[
null
]
],
"IPV4": [
[
"10.1.2.66"
]
]
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.