Grok filter for application logs

Hi all,

I have a problem reading the logs below.

log file 1

router#001(26322) 2018/02/09 00:00:17 -FKSPT- {2:2} Read from MQMNGR1P2:TSS_MTHIGH_WMQ_IN[wmqin(srid)] <Message(candidate => unknown, id => (2)"-1", userref => (13)"1830300016.01", reference => (12)"MM1801506848", relatedref => (16)"TATAL2L0000SCBL2L", message_id => (20)"20180209MM1801506848", system_id => (29)"MTH20180209000017-24761-26322")>

log file 2

router#002(99253) 2018/02/09 00:00:17 -FKSPT- {2:2} Write on MQMNGR1P2:TSS_MTHIGH_WMQ_ACK[wmqout] <Message(candidate => unknown, id => (2)"-1", userref => (13)"1830300016.01", reference => (12)"MM1801506848", relatedref => (16)"TATAL2L0000SCBL2L", message_id => (20)"20180209MM1801506848", system_id => (29)"MTH20180209000017-24761-26322")>

From file 1, I want to create a field as "intime" and capture 2018/02/09 00:00:17, and "messageID" and capture the word "20180209MM1801506848".

From file 2, I want to create a field as "outtime" and capture 2018/02/09 00:00:17, and "messageID" and capture the word "20180209MM1801506848".

Please help me with the filtering..!!!
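
One way to do the extraction asked about above, as an added example that is not part of the original post: a Logstash grok filter with one anchored pattern per line type. It assumes the raw line is in the `message` field; the `process` and `queue` field names are illustrative, and `intime`, `outtime` and `messageID` are the names requested in the post.

```logstash
filter {
  grok {
    # Patterns are tried in order and grok stops at the first match.
    # Single-quoted strings keep the regex backslashes and the literal
    # double quotes around the message_id value as written.
    match => {
      "message" => [
        # Log file 1 ("Read from ..."): the timestamp becomes intime.
        '^%{NOTSPACE:process} (?<intime>%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}) \S+ \S+ Read from %{NOTSPACE:queue} .*message_id => \(\d+\)"(?<messageID>[^"]+)"',
        # Log file 2 ("Write on ..."): the timestamp becomes outtime.
        '^%{NOTSPACE:process} (?<outtime>%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}) \S+ \S+ Write on %{NOTSPACE:queue} .*message_id => \(\d+\)"(?<messageID>[^"]+)"'
      ]
    }
    # Lines matching neither pattern keep the default _grokparsefailure tag,
    # so malformed or unexpected entries stay visible instead of being
    # silently indexed without these fields.
  }

  # Optional: turn the captured strings into real timestamps so that
  # intime and outtime can be compared per messageID downstream.
  if [intime] {
    date {
      match  => ["intime", "yyyy/MM/dd HH:mm:ss"]
      target => "intime"
    }
  }
  if [outtime] {
    date {
      match  => ["outtime", "yyyy/MM/dd HH:mm:ss"]
      target => "outtime"
    }
  }
}
```

With the two sample lines above, the first yields `intime` and the second `outtime`, both with `messageID` set to `20180209MM1801506848`.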
