Grok pattern creation

hitman · June 12, 2018, 6:52am

2018-05-25 10:53:15.8779 fucntionality:nil request:enter user_id:3623 school_id:4 result:success username:(('Reka',),)
2018-05-25 10:53:15.8888 functionality:nil request:enter user_id:3648 school_id:8 result:success username:(('AMRUTh',),)
2018-05-25 10:53:16.8388 functionality:nil request:enter user_id:6000 school_id:9 result:success username:(('Sahu',),)

can anyone please create grok pattern for the above logs

magnusbaeck · June 12, 2018, 8:04am

I suggest you use a grok or a dissect filter to extract two fields from each log message:

One field with the timestamp.
One field with the rest of the string (containing the key:value pairs at the end).

Then use a a kv filter to parse the field with the key:value pairs.

CDR · June 12, 2018, 8:03pm

Here are some good links used for creating groks that I have found useful/bookmark:
http://grokconstructor.appspot.com/do/constructionstep
http://grokdebug.herokuapp.com/
https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference#quantifiers

system · July 10, 2018, 8:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok pattern construction Logstash	6	294	June 29, 2018
I'm just confused in using grok Logstash	10	519	June 21, 2018
Pattern Assistance ## Logstash	4	820	July 6, 2017
Auto Field Detection in Logs Logstash	7	2837	July 6, 2017
Help on creating GROK patterns Logstash	16	2371	September 7, 2017

Grok pattern creation

Related topics