Hi there.
I'm trying to use grok for the first time to parse a line log like this:
Mar 15 10:45:13 myapp.com myapp: [Info] <99999999999999> /path/path1: [10.255.255.255:99999] POST /our_queue/worker/import? 204
In the Dev tools, with this syntax
%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(:)
%{LOGLEVEL:log-level} %{GREEDYDATA:message}
But is not working. The Debugger should recognize these predefined patterns, no?
You are missing the brackets around the Log Level note the are escaped
%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host.hostname} %{DATA:process.name}(:) \[%{LOGLEVEL:log-level}\] %{GREEDYDATA:message}
Thank you. I wrongly assumed the LOGLEVEL pattern included the square brackets.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.