Grok pattern mismatch

Hi,

For the following message I am using the specified grok pattern, but in the output I get a grok failure. I tried using the grok constructor, which did not work for me.

In message:

<2018-01-31 00:00:11>,<896> < INFO > < [STDOUT] > <(http-WEB0001VR%2F10.351.100.19-1000-15) > < 00:00:11,896 >
<[com.test.tst.connectivity.fddInvoker]> < INFO > - < TVS MSG Response > < [ CUSTOMER,PARTY.INFO/I/PROCESS///,***************//IN00111521,5269453 ] >

<2018-02-01 00:00:11>, < 455 > < ERROR > < [STDOUT] > < (http-WEB0001VR%2F10.351.100.19-1000-15) > < 00:00:11,896 >
< [com.test.tst.connectivity.fddInvoker] > < INFO > - < TVS MSG Response > < [ PART,PARTY.INFO/I/PROCESS///,***************//IN00111521,984453 ] >

LOG FORMAT - HIGH LEVEL:

< TIME STAMP > < , > < ID > < ERROR (OR) INFO > <[STDOUT]> <SERVER & IP > <DURATION & ID > <COM.ID> <INFO (OR) ERROR > <SERVICE RESPONSE/REQUEST> <RESPONSE MESSAGE/ REQUEST MESSAGE>

Grok pattern:

match => [ "message", "%{TIME:time} %{LOGLEVEL:level} [(?[^]]+)] ((?[^)]+)) %{GREEDYDATA:message}" ]

Any idea about this?

Thanks in advance
Vicky

Please format the log and configuration snippets as preformatted text (e.g. by using the </> toolbar button) so we can see exactly what they look like.

Hi, I have formatted the message and also explained the log below. Hope you can understand the log now.

The configuration and log snippets are still not preformatted text.

Can I get what grok I should use for (http-WEB0001VR%2F10.351.100.19-1000-15)?
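
The following is an added example, not part of any post in this thread: one way to extract and split the parenthesised token `(http-WEB0001VR%2F10.351.100.19-1000-15)` from the sample lines. The field names (`thread`, `connector`, `server`, `bind_address`, `port`, `worker`) and the two custom failure tags are assumptions chosen for illustration; the pattern targets only that token, so it does not depend on the layout of the rest of the line.

```logstash
filter {
  # Step 1: capture the first parenthesised token in the line.
  # Literal parentheses must be escaped; an unescaped "(" opens a regex
  # group instead of matching the character in the log.
  grok {
    match => { "message" => "\((?<thread>[^)]+)\)" }
    tag_on_failure => ["_grokparsefailure_thread"]
  }

  # Step 2: split the token into its parts, assuming the layout
  #   <connector>-<server>%2F<address>-<port>-<worker>
  # as seen in "http-WEB0001VR%2F10.351.100.19-1000-15".
  if [thread] {
    grok {
      match => {
        # "%2F" is matched literally: grok only expands "%{...}".
        # The address is captured with [0-9.]+ rather than %{IP} because
        # the sample value 10.351.100.19 has an octet above 255, which
        # the stock IP pattern rejects.
        "thread" => "^%{WORD:connector}-(?<server>[^%]+)%2F(?<bind_address>[0-9.]+)-%{NONNEGINT:port:int}-%{NONNEGINT:worker:int}$"
      }
      # A distinct tag shows which stage failed when triaging
      # unparsed events.
      tag_on_failure => ["_grokparsefailure_thread_parts"]
    }
  }
}
```

Events that carry either failure tag keep their original `message`, so they can be routed to a separate index and reviewed instead of being silently dropped.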
