Hi,
please help me to define grok for below log
{ "sysdate":"[08/Jun/2019:00:00:12 -0400]", "site":"cdbeser.net", "host":"lmw.net", "method":"POST", "request":"/services/servicePath", "querystring":"", "port":"4413", "username":"-", "cookie":"000eyoCaOciM:1b68jpu1f:1bv8bktat", "coauthsessionid":"-", "clienthost":"14.25.10.41", "httpversion":"HTTP/1.1", "useragent":"-", "referer":"-", "responsestatus":"20", "subresponse":"0", "win32status":"0", "sbytes":"799", "cbytes":"0", "timetaken":"3595" }
Hi,
No need to grok i saw your log is valid in JSON format so you'll have to try something like :
json {
source => "message"
add_tag => [ "json" ]
}
See documentation
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.