Grok Pattern with Pipe

ginu · June 2, 2020, 5:35am

Hi

I am struggling to create a Grok Pattern that matches something like following:

2020-04-21T15:31:08.633161+02:00 server1 SYSTEM[2564]: DEBUG | GetAuthorizedContent(SYSTEM000427) | C:[PD:(CLEAR):< Network Device Id >{0B00002FE118040A}PD] - Found Content: 9970665

the main issue is because of the Pipe.
I would like to extract:

-	Error Code SYSTEM000427
-	Action GetAuthorizedContent
-	Message C:[PD:(CLEAR):{< Network Device Id >}PD] - Found Content: 9970665
-	Message Object C:[PD:(CLEAR):{0B00002FE118040A}PD]
-	Message Description Found Content: 9970665
-	Component SYSTEM
-	Component PID 2564
-	Client ID 0B00002FE118040A

Any ideas?

Cheers, Ginu

ptamba · June 2, 2020, 10:04am

you can escape pipe with \

system · June 30, 2020, 10:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.