Hi,
I am trying to parse gc-log file through grok as shown in this tutorial.
The following grok is working fine in both Grok Constructor and Grok Debugger.
%{TIMESTAMP_ISO8601:timestamp}: %{NUMBER:jvm_time}: \[%{DATA:gc_type} \(%{DATA:gc_cause}\) %{DATA:gc_time}: \[%{DATA:gc_collector}: %{NUMBER:young_generation_before}\K\-\>%{NUMBER:young_generation_after}\K\(%{NUMBER:young_generation_total}\K\)\, %{NUMBER:collection_time} .*?\] %{NUMBER:heap_before}\K\-\>%{NUMBER:heap_after}\K\(%{NUMBER:heap_total}\K\)\, %{NUMBER:gc_duration} .*?\] \[.*?\: .*?\=%{NUMBER:cpu_time} .*?\=%{NUMBER:system_time}\, .*?\=%{NUMBER:clock_time} .*?\]
For the following line
2020-06-17T21:10:03.372-0700: 332100.747: [GC (Allocation Failure) 332100.749: [ParNew: 4826611K->107208K(5505024K), 0.0377490 secs] 7922907K->3203567K(11796480K), 0.0403224 secs] [Times: user=0.30 sys=0.00, real=0.04 secs]
But it fails both in Kibanna's Grok Debugger and Logstash.