Grok Custom Pattern creation

Elastic Stack Logstash
1

JHi All,
So here is a sample of my log:

23:28:32.226 WARN [MsgParser:ListProc-Q0:I5] Parsing error
Error mapping the fieldAdditional Information:

at com.authentic.mapper.parsing.LengthVar.readBytes(LengthVar.java:178)
at com.authentic.mapper.parsing.GrpLengthVar.read(GrpLengthVar.java:96)
at com.authentic.mapper.parsing.GrpLengthVar.read(GrpLengthVar.java:119)
at com.authentic.mapper.parsing.MsgParser.processReadEnumeration(MsgParser.java:339)
at com.authentic.mapper.parsing.MsgParser.parseIncomingMessageBody(MsgParser.java:295)
at com.authentic.mapper.MapperMgr.parseMsg(MapperMgr.java:1033)
at com.authentic.architecture.interchange.accesspoint.AbstractConnectionHandler.parseMessage(AbstractConnectionHandler.java:4408)
at com.authentic.architecture.interchange.accesspoint.AbstractConnectionHandler.plainMessageReceivedEvent(AbstractConnectionHandler.java:2031)
at com.authentic.architecture.interchange.accesspoint.AbstractConnectionHandler.messageReceivedEvent(AbstractConnectionHandler.java:1911)
at com.authentic.architecture.interchange.accesspoint.SocketConnectionHandler.messageReceivedEvent(SocketConnectionHandler.java:801)
at com.authentic.architecture.interchange.accesspoint.SocketConnectionHandler.messageReceivedEvent(SocketConnectionHandler.java:282)
at com.authentic.architecture.interchange.accesspoint.SocketConnectionHandler.messageReceivedEvent(SocketConnectionHandler.java:261)
at com.authentic.architecture.interchange.accesspoint.AbstractConnectionHandler.processEventQueue(AbstractConnectionHandler.java:4110)
at com.authentic.architecture.interchange.accesspoint.AbstractConnectionHandler.access$100(AbstractConnectionHandler.java:320)
at com.authentic.architecture.interchange.accesspoint.AbstractConnectionHandler$ConnectionHandlerRunner.execute(AbstractConnectionHandler.java:416)
at com.authentic.architecture.actions.ListProcessor.suspend(ListProcessor.java:1130)
at com.authentic.architecture.actions.ListProcessor.run(ListProcessor.java:775)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NumberFormatException: For input string: "^123"
at java.lang.NumberFormatException.forInputString(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at com.authentic.mapper.parsing.LengthVar.readBytes(LengthVar.java:170)
... 17 more

i have used the multiline filter:
multiline {
pattern => "%{TIME:timestamp}"
negate => true
what => "previous"
}
and the pattern i used in grok filter:
match=>{"message"=>"%{TIME:timestamp} %{LOGLEVEL:loglevel} \s*\[%{DATA:logger}\]\s*%{GREEDYDATA:msg}\n*(?<stacktrace>(.|\r|\n)*)"}

i have checked it with http://grokconstructor.appspot.com/do/match. but got this matching error for stacktrace field.

matchingerror
matchingerror.jpg1920×1080 398 KB

although the last match is upto :%{TIME:timestamp} %{LOGLEVEL:loglevel} \s*\[%{DATA:logger}\]\s*%{GREEDYDATA:msg}
but\n*(?<stacktrace>(.|\r|\n)*) is not getting matched.
Needed suggestion upon this.
thanks in advance.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.