2018-05-25 10:53:15.8779 fucntionality:nil request:enter user_id:3623 school_id:4 result:success username:(('Reka',),)
2018-05-25 10:53:15.8888 functionality:nil request:enter user_id:3648 school_id:8 result:success username:(('AMRUTh',),)
2018-05-25 10:53:16.8388 functionality:nil request:enter user_id:6000 school_id:9 result:success username:(('Sahu',),)
can anyone please create grok pattern for the above logs
I suggest you use a grok or a dissect filter to extract two fields from each log message:
Then use a a kv filter to parse the field with the key:value pairs.
Here are some good links used for creating groks that I have found useful/bookmark:
http://grokconstructor.appspot.com/do/constructionstep
http://grokdebug.herokuapp.com/
https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference#quantifiers
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.