Grok Data in curly braces

marco2005 · June 18, 2020, 4:47pm

I have section in the log in curly braces

Thu Jun 18 08:01:42 CEST 2020|{"timestamp":1592460102635,"caller":"test.customer@customer1","action":"LOGIN","message":"ID000066 User [test.customer@customer1] logged in successfully."}

I am trying to parse this using the below grok filter

%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{WORD:TZ} %{YEAR}|\{%{GREEDYDATA:DATA}\}

The DATA is not being parsed. Do I have to use a different approach ?

marco2005 · June 18, 2020, 4:52pm

I have to escape the | and it works

system · July 16, 2020, 4:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.