Grok message pattern for log4j application log sample

I have the below set of log4j lines in the log file -

```
2017 Jun 13 01:56:51:303 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300001 Process Engine version 5.10.0, build V80_Hotfix08, 2013-5-27
2017 Jun 13 01:56:51:305 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300009 BW Plugins: version 5.10.0, build V80_Hotfix08, 2013-5-27
2017 Jun 13 01:56:51:309 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300010 XML Support: TIBCOXML Version 5.51.600.001
2017 Jun 13 01:56:51:310 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300011 Java version: Java HotSpot(TM) 64-Bit Server VM 24.51-b03
2017 Jun 13 01:56:51:310 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300012 OS version: amd64 Windows 8 6.2
2017 Jun 13 01:56:51:425 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300013 Tibrv string encoding: UTF-8
2017 Jun 13 01:56:51:662 GMT +5 BW.CustomerInfo Info [BW_Plugin] BW-HTTP-100500 Using the following HTTP minProcessors/maxProcessors [host=localhost port=3000]: 10/75
2017 Jun 13 01:56:52:061 GMT +5 BW.CustomerInfo Info [BW-Core] BWENGINE-300002 Engine CustomerInfo started
2017 Jun 13 01:56:52:210 GMT +5 BW.CustomerInfo Error [BW_Plugin] BW-HTTP-100121 Activation error with process starter [Process Definition.process]
Activation error with process starter [Process Definition.process]
at com.tibco.pe.core.ProcessStarter.setState(Unknown Source)
at com.tibco.pe.core.JobPool.if(Unknown Source)
at com.tibco.pe.core.JobPool.resume(Unknown Source)
at com.tibco.pe.core.JobPool.a(Unknown Source)
at com.tibco.pe.core.JobPool.startNotFT(Unknown Source)
```

What should be my pattern for message?
```
filter {
  grok {
    match => {
      "message" => "<???>"
    }
  }
  date {
    # The date filter's match option takes an array: [ field, format, ... ]
    match => ["@timestamp", "yyyy MMM dd HH:mm:ss:SSS"]
  }
}
```

You can use the grok constructor site as a guide to creating grok expressions that match a particular line of input.
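One way the sample lines above could be parsed, as an added example that is not part of the original thread. The field names (`log_time`, `gmt_offset`, `engine`, `level`, `category`, `msg_code`, `msg_text`) and the file path are assumptions chosen for illustration; the multiline codec folds the stack-trace lines into the preceding Error event.

```logstash
input {
  file {
    path => "/path/to/bw-engine.log"   # placeholder path (assumption)
    # Lines that do not start with "yyyy MMM dd " (the stack-trace lines)
    # are appended to the previous event.
    codec => multiline {
      pattern => "^%{YEAR} %{MONTH} %{MONTHDAY} "
      negate => true
      what => "previous"
    }
  }
}

filter {
  grok {
    # (?m) lets GREEDYDATA run across the newlines of a joined stack trace.
    # All field names below are illustrative, not from the thread.
    match => {
      "message" => "(?m)^(?<log_time>%{YEAR} %{MONTH} %{MONTHDAY} %{HOUR}:%{MINUTE}:%{INT}:%{INT}) GMT (?<gmt_offset>[+-]\d+) %{NOTSPACE:engine} %{LOGLEVEL:level} \[%{DATA:category}\] %{NOTSPACE:msg_code} %{GREEDYDATA:msg_text}"
    }
  }
  date {
    # Parse the field grok captured; the result is written to @timestamp.
    # "GMT +5" is not part of the format, so the platform default time zone
    # applies unless the date filter's timezone option is set.
    match => ["log_time", "yyyy MMM dd HH:mm:ss:SSS"]
  }
}
```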

Hi Magnus,

Great...!!! Can't thank you enough. :relieved:
