Grok not able to parse log data

I want to write a grok pattern in a Logstash filter.
The input string is

{"@timestamp":"2016-11-11T13:16:20.447Z","beat":{"hostname":"ip-1-2-3-4","name":"ip-1-2-3-4","version":"5.0.0"},"input_type":"log","message":"Nov 11 13:17:23 ip-10-0-4-2 nginx01 10.100.200.400 - - [11/Nov/2016:11:40:53 +0530] "/GET name=aditya" 200 7589 resptime=0.016 - -- -","offset":28928355,"source":"/var/log/data/10.4.2.9/nginx01/2016-11-11.log","type":"nginx_data"}

The grok filter I am applying is

grok {
    # the pattern is one string; the square brackets around the pid must be escaped, since "[...]" is a regex character class
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
}

But this is not working. Please help me, what is wrong in it?

This question is probably better fitted for the Logstash forum. Perhaps one of the grok debug apps can help? https://grokdebug.herokuapp.com/

I found a solution to it.
Also I wanted to know: if my access log file has different kinds of data getting logged, can I put multiple filters to parse each kind of line being logged? For example:

"Nov 11 12:51:11 ip-10-0-0-2 nginx 10.140.201.104 - - [11/Nov/2016:11:42:10 +0530] "GET name=aditya HTTP/1.1" 504
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=20130101142543.5828399CCAF@mailserver14.example.com

So you can see there are two different kinds of data getting logged in the same file.
So now can I put multiple filters to handle each kind of log?

You can put any number of filters in your configuration file.
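As an added illustration of that answer (this is example configuration written for this page, not code from the thread or from the Logstash project), one grok filter can carry several patterns in a single match array. Grok tries them in order and stops at the first one that matches, so the more specific nginx-style pattern is listed first and the generic syslog pattern second; the two sample lines quoted above were used to check that each pattern matches only its own line type. The field names (client_ip, request, status, and so on) are my own choice, and the square brackets are escaped because "[" and "]" are regex metacharacters. Events that match neither pattern keep the default _grokparsefailure tag, which is worth alerting on so that unparsed lines do not disappear silently.

```conf
filter {
  grok {
    match => {
      "message" => [
        # nginx-style line, e.g.
        # Nov 11 12:51:11 ip-10-0-0-2 nginx 10.140.201.104 - - [11/Nov/2016:11:42:10 +0530] "GET name=aditya HTTP/1.1" 504
        "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program} %{IPORHOST:client_ip} - - \[%{HTTPDATE:request_time}\] \"%{DATA:request}\" %{NUMBER:status:int}%{GREEDYDATA:rest}",

        # generic syslog line, e.g.
        # Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=...
        "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
      ]
    }
    # break_on_match defaults to true: stop after the first pattern that matches.
    break_on_match => true
    # tag_on_failure defaults to ["_grokparsefailure"]; kept explicit so the
    # "unparsed line" signal is visible in the config.
    tag_on_failure => ["_grokparsefailure"]
  }

  # Optional: route on which pattern matched, e.g. to add a type for the nginx lines.
  if [client_ip] {
    mutate { add_field => { "log_kind" => "nginx_access" } }
  } else if [syslog_pid] {
    mutate { add_field => { "log_kind" => "syslog" } }
  }
}
```

Alternatively, each line type can get its own grok block wrapped in an if/else on a field such as [type] or [source]; the single-array form above is simpler when the lines all arrive from the same file.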
