Grok Pattern with Pipe

ginu · June 2, 2020, 5:35am

Hi

I am struggling to create a Grok Pattern that matches something like following:

2020-04-21T15:31:08.633161+02:00 server1 SYSTEM[2564]: DEBUG | GetAuthorizedContent(SYSTEM000427) | C:[PD:(CLEAR):< Network Device Id >{0B00002FE118040A}PD] - Found Content: 9970665

the main issue is because of the Pipe.
I would like to extract:

-	Error Code SYSTEM000427
-	Action GetAuthorizedContent
-	Message C:[PD:(CLEAR):{< Network Device Id >}PD] - Found Content: 9970665
-	Message Object C:[PD:(CLEAR):{0B00002FE118040A}PD]
-	Message Description Found Content: 9970665
-	Component SYSTEM
-	Component PID 2564
-	Client ID 0B00002FE118040A

Any ideas?

Cheers, Ginu

ptamba · June 2, 2020, 10:04am

you can escape pipe with \

system · June 30, 2020, 10:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match and extract last part of log in pipe delimited log Logstash	3	2216	July 19, 2017
Grok failure, Grok debug OK Logstash	2	382	August 10, 2020
Filebeat ingest pipeline grok pattern Beats filebeat	3	701	June 6, 2018
Need help with the Grok Pattern Logstash	2	414	June 4, 2017
Logstash Grok pattern Logstash	3	896	July 6, 2017

Grok Pattern with Pipe

Related topics