Filter logstash with grok not work

Elastic Stack Beats
1

anyone can help, i want to filter my log

this is my log
{Level:info Time:2020-12-03 12:14:28.203517503 +0700 WIB m=+18300.336235694 LoggerName: somefield Message://app/snmaterialdetail/4550554942/V222FAK-BA341T Caller:/home/admin/tmsv2/main.go:277 Stack: somefield}

i already try grok debugger, not work

this is my filter :

filter {
grok {
match => { "message" => "Level:%{LOGLEVEL:level} Time:%{TIMESTAMP_ISO8601:timestamp} %{ISO8601_TIMEZONE} WIB %{GREEDYDATA} LoggerName:%{DATA:logger} Message:%{GREEDYDATA:msg} Caller:%{UNIXPATH:caller} Stack:%{GREEDYDATA:stacktrace}" }
overwrite => [ "message" ]
}
}

2

You are forgetting that your message starts with { and ends with } so you need to also put \{ at the beginning of your grok maybe?

3

hi mario thanks for your fast respond do you mean like this ?

filter {
grok {
match => { "message" => {"Level:%{LOGLEVEL:level} Time:%{TIMESTAMP_ISO8601:timestamp} %{ISO8601_TIMEZONE} WIB %{GREEDYDATA} LoggerName:%{DATA:logger} Message:%{GREEDYDATA:msg} Caller:%{UNIXPATH:caller} Stack:%{GREEDYDATA:stacktrace}"} }
overwrite => [ "message" ]
}
}

4

I confuse for this, how to parse this field. I use TIMESTAMP_ISO8601 cannot parse all. please i need help

5

That is not TIMESTAMP_ISO8601 format, you missing T between day and hour, so the grok fails.

6

You can use this webapp to test https://grokconstructor.appspot.com/do/match

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.