I have to parse this log-
05-10-21T13:17:20.457741775|lapideployment-547944bff7-4f2qr|1|iuser|20|0|25.090g|1.378g|68160|S|0.0|1.1|116:20.87|java|265
I am using pattern-%{TIMESTAMP_ISO8601:timestamp}|%{DATA:pod}|
It is returning result as-
{
"timestamp": [
[
"05-10-21T13:17:20.457741775"
]
],
"pod": [
[
null
]
]
}
Can anyone help me with parsing this log?
Hello,
i think that you have to add \ before the "|"
this is your input data :
05-10-21T13:17:20.457741775|lapideployment-547944bff7-4f2qr|1|iuser|20|0|25.090g|1.378g|68160|S|0.0|1.1|116:20.87|java|265
this is the new filter / pattern :
grok {
match => {
"message" => [
"^%{TIMESTAMP_ISO8601:logdate}\|%{GREEDYDATA:pod}",
"%{GREEDYDATA:FAILPARSE}"
]
}
}
Output :
"logdate": "05-10-21T13:17:20.457741775",
"message": "05-10-21T13:17:20.457741775|lapideployment-547944bff7-4f2qr|1|iuser|20|0|25.090g|1.378g|68160|S|0.0|1.1|116:20.87|java|265",
"pod": "lapideployment-547944bff7-4f2qr|1|iuser|20|0|25.090g|1.378g|68160|S|0.0|1.1|116:20.87|java|265"
thank you so much, it worked
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.