Grok filter patterns for syslog

Hi All,

I am new to logstash and still learning something new about this cool tool every day.

I found that grok patterns work only with the pattern we define

Like %{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration} will work only for this "55.3.244.1 GET /index.html 15824 0.043" log entry in the log file.

I want to know if there is any way to deal with grok patterns for log files which have huge records (with different patterns). In that case defining a pattern for each line in Syslog will not be possible.

Please suggest how to deal with such a situation.

I found that grok patterns work only with the pattern we define

Not sure what you mean, but Logstash won't guess how to parse your logs. You need to tell it how to do it.

I want to know if there is any way to deal with grok patterns for log files which have huge records (with different patterns). In that case defining a pattern for each line in Syslog will not be possible.

Please give some examples.

One of the best sites for grok patterns (with autodiscovery function):
https://grokdebug.herokuapp.com/

Take a look.
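
For the question asked in this thread, one common approach is to parse only the shared syslog header, keep the rest of the line as free text, and add narrower patterns just for the programs you care about. The filter below is an added example, not something posted by the participants; the field names (syslog_program, ssh_user and so on), the failure tag _sshd_unparsed and the choice of sshd for the second pass are assumptions made for illustration.

```logstash
filter {
  grok {
    # Patterns are tried in order and the first match wins
    # (break_on_match defaults to true).
    match => {
      "message" => [
        # 1. Common syslog header; whatever follows the program name is
        #    kept unparsed in syslog_message, so every line matches.
        "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}",
        # 2. The access-log style line quoted in the question.
        "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}"
      ]
    }
    # Lines matching neither pattern are tagged instead of dropped,
    # so they can be counted and reviewed later.
    tag_on_failure => ["_grokparsefailure"]
  }

  # Second pass: structure the free text only for a program of interest.
  # Here, failed SSH logins (assumed to be relevant for monitoring).
  if [syslog_program] == "sshd" {
    grok {
      match => {
        "syslog_message" => "Failed password for (?:invalid user )?%{USERNAME:ssh_user} from %{IP:src_ip} port %{POSINT:src_port}"
      }
      # Other sshd messages are expected; use a separate tag so they do
      # not pollute the _grokparsefailure count.
      tag_on_failure => ["_sshd_unparsed"]
    }
  }

  # Use the timestamp from the log line as the event time.
  date {
    match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }
}
```

Events tagged _grokparsefailure show which line formats are still unhandled, which tells you where another pattern is worth writing.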