So I have this log data:
> 12:03:55,117 ERROR [My.Super.Cool.Java.Class] (main-executor-threads - 213) This is an Exception message example: package.myProject.MyException: You cannot do whatever you are trying to do because of this Exception > at My.Super.Cool.Java.Class.MySuperMethod(MyJavaFile.java:123) [Slakh-6.4.3.7.jar:] > at My.Super.Cool.Java.Class2.MySuperMethod2(MyJavaFile2.java:123) [classes:] > at RestOfStackTrace...
Here's the result I'm looking for:
"@version": "1",...
...
"Level": "ERROR",
"Exception": "package.myProject.MyException"
"ExceptionMessage": "You cannot do whatever you are trying to do because of this Exception"
And here's what I'm getting:
> "@version": "1", > ... > ... > "Level": "ERROR", > "Exception": "package.myProject.MyException: You cannot do whatever you are trying to do because of this Exception\n\tat My.Super.Cool.Java.Class.MySuperM..." > "ExceptionMessage": " You cannot do whatever you are trying to do because of this Exception\n\tat My.Super.Cool.Java.Class.MySuperM..."
Here is my filter:
> MY_EXCEPTION package.myProject.MyException:\s%{GREEDYDATA:ExceptionMessage} > ...%{ERROR:Level}\s*%{GREEDYDATA}%{MY_EXCEPTION:Exception}%{GREEDYDATA}...
To sum up, what I want is to tell Grok that for "ExceptionMessage"; it should take only what's after "package.myProject.MyException" IN THAT LINE. It should leave all what's after the second line.
I spent some time looking for that pattern but I couldn't solve this issue, so I'm kind of stuck here.
I hope my problem is clear.
Thank you.