Grok newbie requesting guidance

camerodity · April 10, 2018, 1:43pm

Greetings! I am using the grok filter in Logstash to parse some metrics output that were normally sent to Ganglia, and we want to now use in Kibana for various Dashboard/Visualizations. A typical log file entry is along the lines of:

type=[TIMER|METER|GAUGE], name=<metric_name>, count=, additional_fields=, (where additional fields could be count= , max= , min= , median= ,etc..)

I am working on a grok pattern to put the additional_fields in their own logstash fields if they are present in the log output, but if they aren't (for example the TIMER type may not have the mean_rate field whereas the METER type does).

Is there a way to have one grok pattern to accomplish this?

Badger · April 10, 2018, 1:56pm

A kv filter might be a better approach.

camerodity · April 10, 2018, 2:55pm

Thanks! With a slight bit of tweaking with the KV filter I am now able to have the metric fields show up in Kibana correctly! I really appreciate your response.

system · May 8, 2018, 2:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fields filtered are not added in kibana from grok Kibana	1	360	November 9, 2018
Logstash grok to match the metricbeat type and add field Logstash	9	4490	April 4, 2018
Understanding metrics filters Logstash	12	745	February 6, 2023
Logstash grok filter for metrics data Logstash	3	743	December 19, 2016
Picking data out of logs with Logstash Logstash	3	1790	July 6, 2017

Grok newbie requesting guidance

Related topics