Grok pattern creation

hitman · June 12, 2018, 6:52am

2018-05-25 10:53:15.8779 fucntionality:nil request:enter user_id:3623 school_id:4 result:success username:(('Reka',),)
2018-05-25 10:53:15.8888 functionality:nil request:enter user_id:3648 school_id:8 result:success username:(('AMRUTh',),)
2018-05-25 10:53:16.8388 functionality:nil request:enter user_id:6000 school_id:9 result:success username:(('Sahu',),)

can anyone please create grok pattern for the above logs

magnusbaeck · June 12, 2018, 8:04am

I suggest you use a grok or a dissect filter to extract two fields from each log message:

One field with the timestamp.
One field with the rest of the string (containing the key:value pairs at the end).

Then use a a kv filter to parse the field with the key:value pairs.

CDR · June 12, 2018, 8:03pm

Here are some good links used for creating groks that I have found useful/bookmark:
http://grokconstructor.appspot.com/do/constructionstep
http://grokdebug.herokuapp.com/
https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference#quantifiers

system · July 10, 2018, 8:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need Help Groking Logstash	3	304	March 31, 2020
Grok pattern construction Logstash	6	269	June 29, 2018
Help on creating GROK patterns Logstash	16	2274	September 7, 2017
Grok Pattern not working Logstash	6	581	February 8, 2022
Filter username or email address within space delimited string Logstash	4	308	March 9, 2021

Grok pattern creation

Related Topics