Grok pattern creation

hitman · June 12, 2018, 6:52am

2018-05-25 10:53:15.8779 fucntionality:nil request:enter user_id:3623 school_id:4 result:success username:(('Reka',),)
2018-05-25 10:53:15.8888 functionality:nil request:enter user_id:3648 school_id:8 result:success username:(('AMRUTh',),)
2018-05-25 10:53:16.8388 functionality:nil request:enter user_id:6000 school_id:9 result:success username:(('Sahu',),)

can anyone please create grok pattern for the above logs

magnusbaeck · June 12, 2018, 8:04am

I suggest you use a grok or a dissect filter to extract two fields from each log message:

One field with the timestamp.
One field with the rest of the string (containing the key:value pairs at the end).

Then use a a kv filter to parse the field with the key:value pairs.

CDR · June 12, 2018, 8:03pm

Here are some good links used for creating groks that I have found useful/bookmark:
http://grokconstructor.appspot.com/do/constructionstep
http://grokdebug.herokuapp.com/
https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference#quantifiers

Topic		Replies	Views
Grok pattern construction Logstash	6	315	June 29, 2018
Grok pattern Logstash elastic-stack-monitoring	2	37	January 2, 2025
I'm just confused in using grok Logstash	10	536	June 21, 2018
Grok filter extracting fields from message Logstash	9	2721	July 21, 2020
Grok help needed Logstash	7	427	June 3, 2022

Grok pattern creation

Related topics