Hello,
I am trying to parse the following log. My purpose is to take the number 4 field that is highlighted in the vertical red rectangle.
The exact log message to be parsed is this one:
C:\Program Files (x86)\AlwaysUp\AlwaysUpService.exe, CATRIN Instanz 4 (managed by AlwaysUpService), C:\alfaplan\CATRIN\Programme4\Catrin.exe /SAG_ROOPZ, -k, -m, -y, 8, 20:00:00, 0, -rn, -f, 3, 0, -fd, 5, 1
Nevertheless, as the image above shows, I receive a grok parse failure in the tags field when I use the following code in the relative pipeline:
if "CATRIN" in [host][name] {
  if "AlwaysUpService.exe" in [process][name] {
    grok {
      match => { [process][args] => "%{PATH:v1} %{WORD:v2} %{NUMBER:catrin-instance} %{GREEDYDATA:v3}" }
    }
  }
}
The weird thing is that when I test my grok pattern I have success, as the image shows below:
So probably I do something wrong in my if statements above.
Any possible help?
Thank you