Grok newbie requesting guidance

camerodity · April 10, 2018, 1:43pm

Greetings! I am using the grok filter in Logstash to parse some metrics output that were normally sent to Ganglia, and we want to now use in Kibana for various Dashboard/Visualizations. A typical log file entry is along the lines of:

type=[TIMER|METER|GAUGE], name=<metric_name>, count=, additional_fields=, (where additional fields could be count= , max= , min= , median= ,etc..)

I am working on a grok pattern to put the additional_fields in their own logstash fields if they are present in the log output, but if they aren't (for example the TIMER type may not have the mean_rate field whereas the METER type does).

Is there a way to have one grok pattern to accomplish this?

Badger · April 10, 2018, 1:56pm

A kv filter might be a better approach.

camerodity · April 10, 2018, 2:55pm

Thanks! With a slight bit of tweaking with the KV filter I am now able to have the metric fields show up in Kibana correctly! I really appreciate your response.

system · May 8, 2018, 2:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.