Grok Pattern with Pipe


I am struggling to create a Grok Pattern that matches something like following:

2020-04-21T15:31:08.633161+02:00 server1 SYSTEM[2564]: DEBUG | GetAuthorizedContent(SYSTEM000427) | C:[PD:(CLEAR):< Network Device Id >{0B00002FE118040A}PD] - Found Content: 9970665

the main issue is because of the Pipe.
I would like to extract:

- Error Code SYSTEM000427
- Action GetAuthorizedContent
- Message C:[PD:(CLEAR):{< Network Device Id >}PD] - Found Content: 9970665
- Message Object C:[PD:(CLEAR):{0B00002FE118040A}PD]
- Message Description Found Content: 9970665
- Component SYSTEM
- Component PID 2564
- Client ID 0B00002FE118040A

Any ideas?

Cheers, Ginu

you can escape pipe with \

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.