Grok expression for name value pairs

06 Feb 2018 13:11:24,640 INFO SaveMetrics:39 - Metrics :httpsessions.max -1 httpsessions.active 0 datasource.primary.active 0 datasource.primary.usage 0.0 datasource.hcarsessioninfo.active 0 datasource.hcarsessioninfo.usage 0.0 datasource.vhcpdemo.active 0 datasource.vhcpdemo.usage 0.0 mem 752313 mem.free 193712 processors 8 instance.uptime 153121 uptime 233225 systemload.average -1.0 heap.committed 624640 heap.init 262144 heap.used 430927 heap 3708416 nonheap.committed 133080 nonheap.init 2496 nonheap.used 127673 nonheap 0 threads.peak 125 threads.daemon 19 threads.totalStarted 145 threads 122 classes 13958 classes.loaded 13958 classes.unloaded 0 gc.ps_scavenge.count 15 gc.ps_scavenge.time 347 gc.ps_marksweep.count 3 gc.ps_marksweep.time 545

I have the above log commnets.
I need to filter it by name value pairs for example

{
"Timestamp": [
[
"06 Feb 2018 13:11:24,640"
]
],
"loglevel": [
[
"INFO"
]
],
"httpsessions.max": [
[
-1
]
],
"httpsessions.active": [
[
0
]
]
}

Doing this with a grok filter will be tedious and error-prone. Try using a kv filter instead.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.