I have two logs: one with loglevel field and one without it as mentioned below. can anyone help me with thescript processing both type of logs from single pattern.
the sample logs are:-
2021-09-13T23:58:22.676 [] localhost - [] :: getFormName:: Formname received is -
[DEBUG] 2021-09-13T23:58:22.676 [] localhost - [] :: getFormName:: Formname received is -
Hi @Divya_Bansal,
since grok is just syntactic sugar on top of regular expressions, a normal non-capturing group with a ? quantifier should work, as in
(?:\[%{LOGLEVEL:loglevel}\] )?%{TIMESTAMP_ISO8601:@timestamp} ...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.