Grok Pattern for Specific words inside message field

I have a log file with a pattern like:
Platform = iOS || iOSRegdID = 1034 || Status = Login || LoggedIn successfully
Platform = Android || AndroidRegdID = 1024 || Status = Login || LoggedIn successfully
Platform = iOS || iOSRegdID = 104 || Status = Login || LoggedIn successfully
Platform = Android || AndroidRegdID = 1024 || Logout successfully
Platform = iOS || iOSRegdID = 1044 || Status = Login || LoggedIn successfully

Here, when the platform is iOS the second field is RegID, whereas if the platform is Android it is AndroidRegID, so how can I write a grok pattern to get the values for RegID?

Again, the weirdest thing is that when the app logs out the Status field is absent, so how do I handle all those scenarios so that I can have a proper dashboard in Kibana?

Kindly help with whether this is possible or not.

The kv filter looks better suited to parse your log lines than the grok filter.
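
An added example, not part of the original reply: one way the kv suggestion could be written as a Logstash filter for the log lines in the question. The unified field name `RegdID` and the `Logout` fallback value for lines without a Status key are assumptions made for this illustration.

```logstash
filter {
  # Split the message on " || " into pairs and on " = " into key and value.
  # The trailing free-text segment ("LoggedIn successfully",
  # "Logout successfully") has no " = " and is therefore not turned into a field.
  kv {
    source              => "message"
    field_split_pattern => "\s*\|\|\s*"
    value_split_pattern => "\s*=\s*"
    trim_key            => " "
    trim_value          => " "
    # Only keep the keys seen in the sample lines, so unexpected
    # "key = value" text inside a message cannot create arbitrary fields.
    include_keys        => ["Platform", "iOSRegdID", "AndroidRegdID", "Status"]
  }

  # Fold the platform-specific ID keys into one field (assumed name: RegdID).
  # rename skips a source field that does not exist on the event, so each
  # event ends up with exactly one RegdID.
  mutate {
    rename => {
      "iOSRegdID"     => "RegdID"
      "AndroidRegdID" => "RegdID"
    }
  }

  # Store the ID as a number so Kibana can aggregate and sort on it.
  mutate {
    convert => { "RegdID" => "integer" }
  }

  # Logout lines carry no Status key. Assumption: label them "Logout" so
  # every event has a Status value to chart.
  if ![Status] and [message] =~ /Logout successfully/ {
    mutate {
      add_field => { "Status" => "Logout" }
    }
  }
}
```

With this filter the Platform field already distinguishes iOS from Android, so a single `RegdID` field is enough for a Kibana dashboard.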
