Hello, I've tried using a grok filter for parsing logs like this:

2018-10-11 18:40:10,219 [test] [someID: TEST-name] INFO com.test status=401 duration=16
I've tried the grok constructor and came up with this:

%{TIMESTAMP_ISO8601:logdate} \[%{DATA:test}\] \[someID: %{DATA:someID}\] ( status= %{NUMBER:status})? ( duration= %{NUMBER:duration})? %{LOGLEVEL:level}\s+(?<raw>(.|\n)*$)

However, with my filter I'm not able to see the fields for status or duration in Kibana. Is anything missing or wrong in my grok filter? Any tips on how to add 'status=401' or 'duration=16'?
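
Added example, not part of the original post: a Python `re` translation of the pattern above, run against the quoted log line, comparing the posted field order with the order the line actually uses. The `TS`, `LEVEL` and `HEAD` regexes are simplified stand-ins for the grok patterns, the whitespace between tokens in the posted order is relaxed to `\s*`, and the `logger` field name and `GROK_SUGGESTION` string are assumptions that are not executed by Logstash here.

```python
import re

# Constructed sample: the log line quoted in the post.
LINE = ("2018-10-11 18:40:10,219 [test] [someID: TEST-name] "
        "INFO com.test status=401 duration=16")

# Simplified stand-ins for TIMESTAMP_ISO8601 and LOGLEVEL (assumptions).
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
LEVEL = r"(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL)"
HEAD = rf"(?P<logdate>{TS}) \[(?P<test>.*?)\] \[someID: (?P<someID>.*?)\]"

# Field order as posted: the optional status/duration groups sit BEFORE the
# level and expect a space after '='. Whitespace between tokens relaxed to \s*.
POSTED_ORDER = re.compile(
    HEAD + r"\s*(?: status= (?P<status>\d+))?\s*(?: duration= (?P<duration>\d+))?"
    rf"\s*(?P<level>{LEVEL})\s+(?P<raw>[\s\S]*)$")

# Field order as in the log line: level, logger, then optional key=value
# pairs with no space after '='.
LINE_ORDER = re.compile(
    HEAD + rf" (?P<level>{LEVEL})\s+(?P<logger>\S+)"
    r"(?: status=(?P<status>\d+))?(?: duration=(?P<duration>\d+))?")

# The same ordering written as a grok pattern (a suggestion, not run here).
GROK_SUGGESTION = (
    r"%{TIMESTAMP_ISO8601:logdate} \[%{DATA:test}\] \[someID: %{DATA:someID}\] "
    r"%{LOGLEVEL:level}\s+%{NOTSPACE:logger}"
    r"( status=%{NUMBER:status})?( duration=%{NUMBER:duration})?")


def parse(pattern, line):
    """Return the named groups that matched, or None if the line did not match."""
    m = pattern.search(line)
    if m is None:
        return None
    return {k: v for k, v in m.groupdict().items() if v is not None}


if __name__ == "__main__":
    # Posted order: the line matches, but status/duration are swallowed by 'raw'.
    print(parse(POSTED_ORDER, LINE))
    # Line order: status and duration become their own fields.
    print(parse(LINE_ORDER, LINE))
```
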