Hello!! I'm trying to get the pattern of a file in Logstash with GROK, but I do not know how to make it. The line I want to GROK is:
{"type":"log","@timestamp":"2021-05-19T08:45:42+02:00","tags":["info","plugins","actions","actions"],"pid":15909,"message":"Server log: [ALERT][testAlarm][nameClient][{\"condition0\":[\"30%\"]}][2021-05-19T06:45:40.085Z];"}
How it should be my filter part?
filter {
grok {
match => { "message" => "..." }
}
}Why not use a json filter instead of grok?
That is a good point, thanks. Now my problem is more small than before because I just need to find a way to pull apart just this string:
Server log: [ALERT][testAlarm][nameClient][{\"condition0\":[\"30%\"]}][2021-05-19T06:45:40.085Z];
How I could get the pattern with GROK?
I solve it without GROK:
filter{
json {
source => "message"
}
mutate {
gsub => [
"message", "{", "",
"message", "}", "",
"message", '"', ""
]
}
dissect {
mapping => {
"message" => '%{e1} %{e2}: [%{e3}][%{e4}][%{e5}][%{e6}:[%{e7}]][%{e8}]'
}
}
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.