Grok regex help

DanV · July 11, 2018, 2:38pm

Hello,

i'm parsing a firewall log that has it's fields separated by " ; ", using this to my advantage i decided to apply the csv filter to the log using ";" as my separator. The problem appears when one of the columns generated by the csv filter appears in the following manner:

"column1" => "Fri Jun 29 11:14:47  Control host CPLogToSyslog:  ContentVersion: 5"

From this column i need to extract the fields: "Control host CPLogToSyslog" and "ContentVersion".

Looking at the grok i saw regex could be used to extract the values, but i'm not able to make it work haha.

Can someone give me any leads on a way to solve this?

Thanks!

magnusbaeck · July 12, 2018, 9:19am

Have you tried using the grok constructor website?

system · August 9, 2018, 9:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Request help with a grok filter pattern for date Logstash	3	542	July 6, 2017
Parsing with hyphens Logstash	11	1566	July 6, 2017
Simple parsing in logstash Logstash	8	530	April 6, 2017
Having problems parsing data Logstash	4	305	February 18, 2021
Applying grok on a field value after csv plugin Logstash	6	2818	July 6, 2017

Grok regex help

Related topics