Grok pattern failure


(Sylvio de cezare) #1

Hey everyone, I am trying to extract two patterns from this log file. I want the server name
(LSB4....) and the Status.

> Nov 1 07:01:39 Task Completed: LSB4-35vls-M2-DESERT158 The following task completed:#012#012 60948221: Task Name: Take Snapshot#012Device: LSB4-35vls-M2-DESERT158 (10.246.18.31)#012Added by: NAUSER (NAUSER NAUSER)#012Start Date: 2017-11-01 07:01:16.0#012Repeat type: Non-recurring#012Status: Failed#012Comments: #012 Failed#015

Here is my grok filter. It worked on grokdebug, but it isn't working here:

```
grok {
  match => { "hpna_raw" => [ "%{MONTH}  %{MONTHDAY} %{TIME} %{WORD} %{WORD}: %{NOTSPACE:Server} %{WORD} %{WORD} %{WORD} %{WORD}:#012#012  %{INT}: %{WORD} %{WORD}: %{WORD} %{WORD}%{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{WORD}: %{WORD} %{NOTSPACE} %{NOTSPACE} %{WORD}: %{TIMESTAMP_ISO8601}%{NOTSPACE} %{WORD}: %{WORD}-%{WORD}#012%{NOTSPACE:Status} %{GREEDYDATA}" ] }
}
```

Any help, please?

Thank you!



(Magnus Bäck) #2

Build your expression gradually. Start simple and add more and more to the expression until you either have captured all you want or things break, but then you know what caused it to break.
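The gradual approach described in post #2 can be automated. The following is an added example, not code from the thread or from Logstash: it grows a grok expression one piece at a time and reports the first piece that stops it matching. The regexes in `GROK` are simplified stand-ins for the real pattern definitions, and `split_pieces`, `first_break` and the sample constants are hypothetical names.

```python
import re

# Simplified stand-ins for the grok patterns named in post #1 (assumption:
# Logstash's real definitions are stricter; these only serve to locate a break).
GROK = {
    "MONTH": r"[A-Z][a-z]{2,8}",
    "MONTHDAY": r"\d{1,2}",
    "TIME": r"\d{2}:\d{2}:\d{2}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d+)?",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "INT": r"[+-]?\d+",
    "GREEDYDATA": r".*",
}
REF = re.compile(r"%\{(\w+)(?::\w+)?\}")  # %{SYNTAX} or %{SYNTAX:field}

def split_pieces(expr):
    """Split a grok expression into %{...} references and literal text runs."""
    pieces, pos = [], 0
    for m in REF.finditer(expr):
        if m.start() > pos:
            pieces.append(expr[pos:m.start()])
        pieces.append(m.group(0))
        pos = m.end()
    if pos < len(expr):
        pieces.append(expr[pos:])
    return pieces

def first_break(expr, line):
    """Grow the expression piece by piece, anchored at the start of the line.
    Return (index, piece) for the first piece that stops it matching, else None."""
    regex = ""
    for i, piece in enumerate(split_pieces(expr)):
        ref = REF.fullmatch(piece)
        regex += GROK[ref.group(1)] if ref else re.escape(piece)
        if re.match(regex, line) is None:
            return i, piece
    return None

# Constructed sample: start of the log line and of the expression from post #1,
# as they are rendered on this page.
SAMPLE_LINE = "Nov 1 07:01:39 Task Completed: LSB4-35vls-M2-DESERT158 The following"
SAMPLE_EXPR = "%{MONTH}  %{MONTHDAY} %{TIME} %{WORD} %{WORD}: %{NOTSPACE:Server}"

if __name__ == "__main__":
    print(first_break(SAMPLE_EXPR, SAMPLE_LINE))
```

Literal runs, including whitespace, are reported as pieces in their own right, so a mismatch in spacing between the expression and the event shows up at its exact position.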

