Now I want to grep these 3 paths from a bunch of logs. Basically, the pattern that I want to extract is logs containing "vincinity", "sql" and "IN", so with regex it would be simply vincinitysqlIN. I tried this grok filter:
grok {
  match => { "full_log" => "%{URIPATHPARAM:*vincinity*sql*IN*}" }
}
Then I get _grokparsefailure in Kibana. I'm brand new to grok, so perhaps I'm not approaching this correctly.
You should read an introductory article on regular expressions (which are what grok is based on). To match multiple occurrences of any character, use .* not *.
Secondly, grok patterns are used like this: %{PATTERN_NAME:field}, where field is the name of the field in which to store the matched text. I don't think you want stuff stored in a field named *vincinity*sql*IN*.
I don't know what you're trying to do. Do you want to extract particular substrings from the contents of the full_log field? Or ignore all events whose full_log field doesn't contain vincinity, sql, and IN?
Thanks, this is really helpful, but I'm now getting a grok exception, and I'm actually looking for full_log messages containing the path .*vincinity.*sql.IN.
Okay, so I need to tag full_log fields containing .*vincinity.*sql.IN. so that I can perform a search in Kibana using that tag.
This is one example but if it works I'll apply more customized patterns later and have more tags for the full_log fields.
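As an added example (not from either poster), a Logstash filter that does what the last reply asks for: it captures the path-like token into a field and tags the event only when the regex matches, so non-matching events are left alone instead of being marked _grokparsefailure. The field name vincinity_path and the tag vincinity_sql_in are assumptions; rename them to suit.

```logstash
filter {
  grok {
    # Inline named capture instead of %{URIPATHPARAM:...}: the name after
    # "?<" is the target field, and the part after ">" is a plain regex.
    # \S* matches any run of non-whitespace, so the three keywords may be
    # separated by other path characters but not by spaces.
    match => { "full_log" => "(?<vincinity_path>\S*vincinity\S*sql\S*IN\S*)" }

    # add_tag only fires when the match succeeds, which is exactly the
    # "tag it so I can search on it in Kibana" behaviour wanted above.
    add_tag => ["vincinity_sql_in"]

    # Events that legitimately do not contain the pattern should not be
    # flagged as parse failures; an empty list suppresses _grokparsefailure.
    tag_on_failure => []
  }

  # Further customised patterns can be added the same way, or as a plain
  # conditional when no field needs to be extracted (assumed example tag).
  if [full_log] =~ /vincinity.*sql.*IN/ and "vincinity_sql_in" not in [tags] {
    mutate { add_tag => ["vincinity_sql_in"] }
  }
}
```

In Kibana the matching events can then be found with the query tags:vincinity_sql_in.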