Hi all,
I'm a newbie and I learnt by watching several tutorials. I'm enjoying and sweating too!
I'm trying to match errors in my Java output log. I wrote a grok pattern as below and it matches in grokdebug.herokuapp.com, but it's not working when I configure it. Can anyone tell me what I'm missing?
Much appreciated, please
Log file:
> [04-10 02:48:26] Test case assertion error java.lang.AssertionError: Failed to create profile: filterTesting
> [04-09 16:47:33] Remote callback: unable to map server sent proxy Id=97 to client side proxy object=null from idToClientProxy.
> [04-09 16:47:33] Remote callback: unable to map server sent proxy Id=97 to client side proxy object=null from idToClientProxy.

I need to match only the error portion of it. So I wrote the pattern as
\[%{GREEDYDATA:date}\] %{GREEDYDATA:FailureType}\n%{JAVACLASS:JavaClassError}(?:\:%{SPACE}%{GREEDYDATA:FailureReason})
My simple.conf file is as follows:
input {
  file {
    path => "/home/surajr/Documents/java.log"
  }
}
filter {
  grok {
    match => { "message" => "\[%{GREEDYDATA:date}\] %{GREEDYDATA:FailureType}\n%{JAVACLASS:JavaClassError}(?:\:%{SPACE}%{GREEDYDATA:FailureReason})" }
  }
}
output {
  if [date] and [FailureType] and [JavaClassError] {
    file {
      path => "/home/surajr/Documents/output.log"
      codec => "plain"
    }
  }
  else {
    file {
      path => "/home/surajr/Documents/output2.log"
      codec => "plain"
    }
  }
}
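
An added example (not part of the original post) that simulates why a pattern containing `\n` can match pasted text yet never match in the pipeline: the file input delivers one event per line, so no event contains a newline until lines are grouped, which in Logstash is the job of the multiline codec (`pattern => "^\["`, `negate => true`, `what => "previous"`). The sample log layout, the Python translation of the grok pattern and all function names are assumptions made for illustration.

```python
import re

# Constructed sample, assuming the Java class sits on its own line after the
# bracketed entry (the \n in the posted pattern implies this layout).
SAMPLE = (
    "[04-10 02:48:26] Test case assertion error\n"
    "java.lang.AssertionError: Failed to create profile: filterTesting\n"
    "[04-09 16:47:33] Remote callback: unable to map server sent proxy Id=97 "
    "to client side proxy object=null from idToClientProxy.\n"
)

# Rough Python equivalent of the posted grok expression. GREEDYDATA is ".*";
# the JAVACLASS part is a simplified approximation of the grok definition.
PATTERN = re.compile(
    r"\[(?P<date>.*)\] (?P<FailureType>.*)\n"
    r"(?P<JavaClassError>(?:[A-Za-z$_][\w$]*\.)*[A-Za-z$_][\w$]*)"
    r"(?::\s*(?P<FailureReason>.*))"
)

def line_events(text):
    """One event per line, as a line-oriented file input delivers them."""
    return text.splitlines()

def multiline_events(text, start=re.compile(r"^\[")):
    """Append every line that does not start a new entry to the previous event."""
    events = []
    for line in text.splitlines():
        if start.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def matches(events):
    """Return the named captures for every event the pattern matches."""
    return [m.groupdict() for e in events if (m := PATTERN.search(e))]

if __name__ == "__main__":
    print("whole text:", len(matches([SAMPLE])))
    print("per line  :", len(matches(line_events(SAMPLE))))
    print("multiline :", matches(multiline_events(SAMPLE)))
```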